The number of reported cyber security incidents globally rose 48 per cent to A$42.8 million in 2013, the equivalent of 117,339 attacks per day, according to PwC’s latest Global State of Information Security Survey.
More than 9,700 IT executives including CIOs, CISOs and CSOs from 115 countries took part in the online survey during March to May 2014. There were 157 respondents from Australia.
According to the 9,700 respondents, the number of cyber incidents increased at a compound annual rate of 66 per cent since 2009 when the PwC survey was first conducted.
Globally, the estimated average financial loss from a cyber attack was US$2.7 million (A$3.07 million), a 34 per cent increase on 2012.
- Getting the cyber security analytics mix right
- How to avoid a Privacy Act breach
- How to present cyber security issues to the board
PwC Australia national cyber leader Steve Ingram said the frequency and cost of cyber crime wasn’t a surprise. However, the lack of investment in cyber security and involvement at the board level was a concern.
For example, the PwC survey found that spending on cyber security in Asia Pacific declined by 13 per cent during 2013 while there was a five per cent increase in incident detection.
In contrast, Europe had a 41 per cent increase in incident detection and the biggest increase in cyber security spending worldwide of 12 per cent.
North America had an increased detection rate of 11 per cent and a slight increase in spending of 2 per cent.
South America had a 24 per cent decrease in cyber security spending and 9 per cent decrease in detection.
“I still have this great fear that most people look at it [cyber crime] and think 'it won’t happen to me and this is someone else’s problem'. There is a lot of wishful thinking that everyone is safe,” said Ingram.
According to Ingram, the CISO or CSO needs to “get out of the IT department” and raise awareness of the issues with the board.
One of the challenges that IT professionals face is that boards see an increase in IT budgets but security incidents continue to rise, he said.
For example, PwC found that information security budgets had increased by 51 per cent globally since 2013, including investment in data analytics products such as active monitoring/analysis of information security intelligence.
“If you’re a businessman and you’re not really aware of the cyber issues, you’re going to think this is pouring good money after bad,” said Ingram.
Another challenge faced by enterprises in Australia is human error. According to Ingram, a lot of breaches occur through users getting duped by simple email scams such as spear phishing.
The PwC survey found that in Australia, cyber incidents caused by employees increased by 5 per cent while incidents caused by current service providers decreased 17 per cent.
The survey also found a 64 per cent global increase in security incidents that were attributed to competitive companies. In Australia, there was a 19 per cent increase in these sabotage incidents.
As Australian organisations look to compete globally, Ingram said that they will begin to experience competitor interference at rates similar to their APAC counterparts.
"There are two types of organisations: those who have been breached and know about it and those that have been breached and don’t know.”
Follow Hamish Barwick on Twitter: @HamishBarwick