Australia’s Cyber Security Strategy has generated a vibrant discussion about cyber security as a key element of national prosperity and security. Cyber security has been recognised as an enabler not only to improve existing ways of doing business, but as a critical new industry that can drive Australia’s future prosperity. For Australia to be globally competitive, cyber security must underpin the data- driven transition of every sector in the economy.
The need to deal with cyber security challenges has never been better understood. Boards recognise it as a key business risk, and also a competitive edge; commonwealth, state and territory governments better understand its importance for national security, prosperity, and improving the lives of all Australians.
Key to Australia’s future prosperity is a strong and vibrant online economy. Growth of our cyber security businesses, support to innovation and active collaboration between our research and business sectors is critical for achieving leadership and a reputation for trust in the global economy. The Cyber Security Strategy provides an overarching, organising framework for all Australian businesses to grow and prosper through cyber security innovation.
“There’s a buzz and an energy around the Australian cyber security industry that is unlike anything we’ve had before.” Nick Ellsmore,Security Advisor & Chief Apiarist, HIVINT
Since the launch of the Cyber Security Strategy we have seen a rapid growth in interest, energy and focus across the cyber security sector. The activity across the Australian economy has outstripped expectation. Australia ranks fourth globally in patent filings in cyber security research and development. Not only have the initiatives under the Cyber Security Strategy had a direct effect, but industry, academia and government agencies have increased their rate of engagement on cyber security. This is growing into a thriving community that will help protect Australia’s economy and continue to grow into valuable and profitable industry sector.
If Australia invests further in cyber security, it would unlock potentially valuable investments in digital innovation, boosting most businesses. According to Deloitte, by 2030 this could lead to:
- Lift of 5.5% in business investment,
- Wages up 2.0%,
- An extra 60,000 people employed, and Australia taking its share of a likely booming Indo-Pacific cyber security market.
Australians are embracing the Internet for business and personal use more than ever before.
- In the second half of 2016, the volume of data downloaded through broadband connections was 23% greater than the first half of 2016, continuing a long-term trend of growing Internet usage.
- In June 2016, 94% of adult Australians used the Internet to conduct banking, pay bills, or buy and/or sell goods and services.
While Australian companies are being hit with more malicious cyber activity, they are putting in place better means to deal with it.
- In 2016, 59% of organisations in Australia detected a business interrupting security breach on at least a monthly basis, which is more than twice as often as 2015, according to the ‘Telstra Cyber Security Report 2017’.
- 71% of respondents to the ACSC 2016 Cyber Security Survey reported having a cyber security incident response plan in place, compared to 60% in 2015.
- According to the ‘ACSC 2016 Cyber Security Survey Report’, organisations with higher levels of cyber resilience were more likely to have discussed cyber security at the board level in the past three months.
- 39% of CIOs had purchased some form of cyber insurance in 2016, compared to 24% in 2015, according to the Minter Ellison ‘Perspectives on Cyber Risk 2017’ report.
Government is assisting through the Computer Emergency Response Team (CERT) Australia. Over the past year CERT Australia:
- published 159 advice reports covering topics such as critical vulnerabilities in industrial control and building management systems, as well as malicious activity targeting banking applications; and
- handled 10,351 incidents affecting businesses, of which 363 were more serious incidents affecting systems of national interest.
The Australian Cyber Security Centre 2016 Threat Report showed how the landscape of cyber security threats and challenges affecting Australia continues to evolve (see also text box). Notable events in 2016 and 2017 expanded Australians’ awareness of how cyber security can impact our lives. Public expectations for improved privacy, integrity and availability of online services will only increase. Government and business will need to be better at anticipating and responding to future cyber security challenges to prevent shocks.
Cybercrime remains the most visible and damaging aspect of the cyber threat environment for the majority of Australian citizens and businesses. Almost all Australians that use the Internet are exposed to sophisticated cyber criminals seeking to steal money. Or to steal information or threaten to disrupt services for the purposes of fraud and extortion.
The Australian Criminal Intelligence Commission has built a stronger picture of the identities and methodologies of cyber criminals targeting Australia – mostly originating from Eastern Europe and Russia. This includes a class of offshore cybercriminal that specialise in targeting Australians.
The proliferation of ransomware – where the victim is prevented from accessing their systems or data until a ransom is paid – remains an endemic problem across the globe. In Australia, reports of ransomware activity reported to the Australian Cybercrime Online Reporting Network (ACORN) roughly doubled in 2016 compared to 2015.
Australia remains the main target of malicious software – predominantly ransomware and software that steals personal information – in the Asia Pacific region in 2016, likely due to our economic prosperity and high adoption of technology.