Gadens recently hosted an informative cyber-themed panel event featuring Robert Feldman (Gadens), Mike Andrea (Oper8 Global), Darren Hopkins (McGrath Nicol) and Trent Nihill (Emergence). The panel drew on their extensive experience from different industries to reflect on the high-profile data breaches of 2022 and the implications for business in 2023 and beyond.
The amount spent on fighting cyber-crime is dwarfed by the proceeds of global cyber-crime, as shown by the following key statistics:
- Cybercrime is predicted to cost the world $8 trillion USD in 2023. If it were measured as a country, then cybercrime would be the world’s third largest economy after the U.S. and China.
- The global cost of ransomware through 2021 was $20 billion, a 57-fold increase since 2015. That figure, which includes ransomware settlement fees, is expected to increase to a massive $265 billion by 2031.
- At the same time, the global cyber security market was valued at USD 202.72 billion in 2022 and is projected to expand at a compound annual growth rate (CAGR) of 12.3% from 2023 to 2030.
- Cybercrime costs the Australian economy an estimated $42 billion.
- The Australian cyber market contributes A$2.4 billion to GDP. Australians spent A$5.6 billion on cyber security products and services in 2020. Australia is ranked ninth in the world for cyber revenue generation, projected to grow to over $7 billion by 2027.
Is it really any surprise that high-profile data breaches are increasing, given the mismatch between cyber-crime proceeds and cyber resilience spend?
2023 is shaping up to be a year of reckoning for those businesses that are still lagging in getting their cyber house in order.
The attendees were shown a live demo of how easily an Office 365 account could be hacked using off-the-shelf code. This was followed by a real call from a cyber-criminal gang, which demonstrated how calm and controlled ransomware gangs are once they have breached a business.
After reflecting on recent high-profile data breaches and what they mean for business going forward, the panellists had the following final points to share:
- This isn’t just hype – change has happened (the increase in the Privacy Act penalties) and more is coming
- Now is the time to act; don’t wait for the laws to actually come into force – identifying where your data is and putting new processes in place takes time
- Review your people, process and technology – but mainly people, as most cyber attacks have an element of human error
- Most attacks, especially for SMEs, are not sophisticated; basic IT hygiene goes a long way – look at controls like the Essential Eight
- Shift to a ‘not if, but when’ mindset and make sure you test your incident response plan and back-ups
- Assemble a team of trusted advisors for when a cyber-attack happens.