itb-au logo
Story image

Cyber attacks worsening among Australian businesses, costing economy $1 billion a year

Cyber attacks are on the rise among Australian organisations, with cyber crime costing the Australian economy more than $1 billion per year, according to new research. 

The research, commissioned by insurance comparison service comparethemarket.com.au found small businesses account for 43% of all cybercrime targets. It also revealed that the online activities of nearly half of Australian employees have put the organisations they work for at risk of online attacks.

The research surveyed 1007 Australian employees. Respondents were presented with a number of activities that could put their organisation at risk of a cyber attack and asked whether they had done any of the following on their work computers: opened an attachment or a link in an email from an unknown contact; downloaded apps, software, videos or games without their employers permission; shared viral emails from unknown sources; and ignored computer updates.

Cyber attacks refer to deliberate malicious activity against a computer network or system to compromise security, economics or stability. The findings reveal that 44% of employees have put their company at risk of a cyber attack. Medium-sized businesses (20-199 employees) compromised their employer the most, with 53% of respondents admitting to potentially unsafe activity on their work computer. This is followed by large organisations of 501-1000 employees (48% of respondents), organisations of 201-500 employees (47%), and 43% of employees in small businesses (0-19 employees).

Comparethemarket.com.au also found, among employees who had carried out risky computer behaviours, 61% admitted they had opened an attachment in an email from an unknown source, and half (50%) had opened a link in an email from an unknown, external contact.

Opening emails from unknown recipients can be hugely damaging recent research shows that one in 728 emails in Australia is a malicious email, and 48% of all malicious email attachments are in an Office file format. In 2018, email scams cost businesses more than $60 million in lost revenue and time, and concerningly, 87% of small business owners think using antivirus software alone means they're safe from cyber attacks.

Older employees seem to be putting businesses most at risk through their use of email. Two-thirds (67%) of 50-69-year olds have opened an email attachment from an unknown contact, compared with 54% of under-30s. However, regardless of age, employees in medium-sized businesses are the biggest culprits with this type of activity at 66%, closely followed by businesses of 201-500 employees (65%).

Thirty-three per cent of employees have ignored computer notifications and updates on their computers. Regular computer updates are vital as they may contain important security features to guard against recent viruses and attacks.

Interestingly, it was the younger cohort that were most negligent about updating their malware and other types of security on their computer: 43 per cent of under-30s ignored notifications on their PC to update their security, compared with just 22% of those in their 40s. Small businesses are most at risk of cyber attacks from this risky behaviour, with 39 per cent of employees in small businesses admitting they've done this.

Further computer-related actions respondents admitted to doing at work included downloading an app or software from a third-party website without their employers permission (29 per cent) and sharing emails from friends or other contacts that are going viral where the original source is unknown (22%).

"Cybercrime is becoming increasingly sophisticated and is harming more and more Australians each day. Fake emails, texts and invoices are being sent to both businesses and consumers to access personal information," Comparethemarket.com.au says. 

"The price of cybercrime in Australia is costly to businesses, with 40% of cybercrime costing businesses from $1000 up to $5000. The direct cost of cybercrime can be compounded if it impacts the security of data and personal information stored by the business," it explains. 

"Government recommends businesses have a cyber security policy in place to minimise the chances of online attacks, so employees are fully educated around safe computer usage."