Key Takeaways
- The number and severity of cyberattacks are increasing.
- Demand for cybersecurity and cyber insurance providers is expanding.
- Cyberattacks cost the Australian economy more than $33 billion per year. This cost is forecast to continue rising.
Cybercrimes occur approximately every eight minutes in Australia, according to a report by the Australian Cybersecurity Centre (ACSC), and represent an increasing threat to Australian businesses. Self-reported financial losses due to cybercrimes totalled more than $33 billion in the 2021 financial year. However, this figure is understated due to the number of cyberattacks that go unreported.
As more businesses conduct operations online, their susceptibility to cyberattacks increases. According to an ABS data release, over half (55%) of all businesses used paid cloud computing services in the 2020 financial year, up from 42% in 2018. Larger businesses are more likely to use cloud computing services, heightening the potential for more cyberattacks.
What is a cyberattack?
Cyberattacks encapsulate a wide range of threats, such as malware, phishing, scams and hacking. However, the crux of a cyberattack is that it is a deliberate act to damage computers or networks, or access the data on them, for financial gain, to create instability or threaten security.
Cyberattacks have been on the rise in Australia, with over 67,500 reports made to the ACSC in the 2021 financial year, an increase of nearly 13% from the previous year. Again, this figure is understated as cyberattacks are under-reported, largely due to the potential brand and customer sentiment damage that is associated with a security breach.
In September 2022, the now infamous high-profile cyberattack on Optus occurred, where over 10 million accounts were breached and 2.1 million customers’ identity documents were exposed. Since then, Dialog, G4S, Telstra, MyDeal.com.au (a subsidiary of the Woolworths Group) and Medibank, which had all of its customers’ personal data and significant amounts of health claims data stolen, have all faced cyberattacks.
What does this mean for Australian businesses?
Rising rates of ICT use among businesses and the increasing threat of cyberattacks have lifted demand for cybersecurity providers.
Revenue has surged for operators in the cybersecurity sector, increasing at an average of 10.3% per year for the past five years, to over $2 billion in the 2023 financial year. Over the same period, the number of businesses has climbed to over 900, an expansion of over 60%.
By 2028, the industry is forecast to continue to surge beyond $3 billion, while in the short-term cybersecurity firms are likely to experience a spike in demand. For example, CyberCX, a cybersecurity consulting firm, has reported a 20% increase in inbound queries since the Optus breach was announced.
Increased demand for cybersecurity services is projected to have a flow-on effect to the broader IT sector, with upstream providers, for example, internet providers, computer retailers and cloud hosting providers also likely to benefit.
The effects of cyberattacks extend beyond the direct links to ICT-based industries, with insurance providers also being affected. The cost of taking out cyber insurance has doubled every year for the past three years according to global insurance provider Marsh, while other insurance providers have also pointed to increases in premiums by as much as 80% in the past year.
These trends are likely to ongoingly push revenue and profit upwards for insurance providers that offer cyber insurance services, as the threat and occurrence of cyberattacks become more frequent. However, the rising claim costs from companies that have taken out cyber insurance cover are likely to limit the positive affect on profit margins for insurance providers.
While cybersecurity and insurance providers are expected to benefit from increased cyberattacks, the broader economy, businesses that experience attacks and their customers will all wear the cost.
Larger businesses are likely to face greater ransoms, and consequently will have higher premiums for cybersecurity insurance cover. Overall, this is projected to increase general business costs, potentially eroding profit margins.
Businesses that forgo cyber insurance may save on insurance costs but they potentially expose themselves to a greater risk. An IBM report estimated that on average each cyberattack for the year ending March 2022 cost approximately US$2.92 million, up from US$2.82 million the previous year. In addition to the financial cost, significant reputational damage can occur from a cyber breach, further harming companies.
What is likely to happen in the future?
In the wake of increased cyberattacks and the significant economic threat to both businesses and consumers, the Australian Government is likely to undertake substantial reforms to cyber laws in Australia to prevent similar breaches.
Under current laws, Optus cannot be fined by the Australian Government for their breach; this is expected to change in the future. Additionally, telcos are currently exempt from minimum cybersecurity standards that can be set for most sectors of the economy, with their “superior defences” being cited as the reason.
In the future, it is likely that minimum standards for cybersecurity practices will be required and harsher penalties will be implemented for companies that have private consumer data leaked. If these changes do occur, cybersecurity providers are likely to experience further demand growth as companies look to comply and avoid paying increased fines. Similarly, cyber insurance providers are also likely to have more companies seeking insurance coverage to protect themselves from harsher penalties, potentially further increasing premiums.
