Over two-thirds (67%) of Australian organisations have suffered a ransomware attack in the last 12 months — 10 percentage points above the global average of 57%.
This is according to a report released today by Crowstrike, which also found that of the companies that fell victim to a ransomware attack, 33% paid the ransom, costing an average of AU$1.25 million for each breach. This percentage is higher than any other country in the Asia Pacific region, and more than the global average (27%).
The Crowdstrike survey quizzed 200 senior IT decision-makers and security professionals across Australia’s major industry sectors, many of which confirmed that their organisations had secured approvals on security upgrades. 74% of respondents said that the COVID-19 pandemic was a catalyst for this.
“The stream of high-profile ransomware attacks on Australian businesses in the last 12 months along with the growing complexity from ongoing remote working caused by the lingering pandemic as well as geopolitical tensions, should encourage all Australian businesses to get smart about cybersecurity,” says CrowdStrike chief technology officer Michael Sentonas.
The report also finds that more cybersecurity experts in Australia are more concerned about ransomware attacks due to COVID-19 at 80%, which is more than the global average of 71%.
Australian organisations are also increasingly concerned about nation-state attacks in the wake of COVID-19 (62%), with 71% believing that nation-state sponsored attacks will pose the single biggest threat to organisations like theirs in 2021.
In fact, more than eight in ten (82%) believe that attacks from China and Russia specifically pose a clear and present danger to Australia, and that growing international tensions will result in an increased likelihood for state-sponsored attacks (88%) due to increased motivation (85%).
While over half of (59%) of Australian organisations report that COVID-19 has accelerated their digital transformation efforts by at least six months, 63% also state that COVID-19, along with the onset of remote working and lockdowns have made it harder for their organisation to prevent cyber attackers from reaching their objective.
Australian organisations have also reported taking much longer than the global average to detect a cybersecurity incident – 140 hours versus 117 hours global average, with 61% finding it even more difficult now to hire cybersecurity professionals than it was 12 months ago.
“It is critical that every business, regardless of size has a focus on cyber security, resiliency and privacy, not only for the sake of the business itself, but as a matter of protecting the economy, national security and the safety of all Australians as a whole,” says Sentonas.