The true cost of cyber attacks

Cyber attacks impose significant costs that go beyond financial losses. These hidden costs can include disruptions to operations, decreased productivity levels, and harm to brand reputation and customer trust — all of which require additional costly resources to recover from the attack.

47% of Australian IT security professionals have faced one or more cyber attacks in the past year according to recent research. Additionally, the average annual expense of recovering and dealing with these cyber attacks has surpassed AU$4.1 million.

Although, this number does not come as a shock when one considers the evolution of cyber threats over the last few years. Over half of Australian organisations reported that cyber attacks have grown more serious (52%) and sophisticated (58%) over the past year — leading to a longer and more complex recovery period.

Expanding access to cybercriminal tools and its costly impact

Cybercriminal tools are becoming easier than ever to hire and access via the internet, and even those who hold limited skills and resources can now carry out costly attacks. Tools such as generative AI in particular are increasing cybercriminals’ ability to automate and scale their attacks.

Barracuda’s research revealed that cyber attacks cost Australian organisations a staggering AU$2.6 million on average each year. This cost is directly associated with damage to infrastructure, incident investigation, remediation activity and theft of IT assets. On top of this, Australian organisations face an additional cost of AU$1.5 million on average accounting for operational disruption and a loss of productivity.

Technical challenges to effective security

There are a number of common barriers that organisations face when protecting their assets and employees from cyber attacks, including:

• Not implementing consistent security policies and programs: Organisations are finding it increasingly difficult to implement policies such as multi-factor authentication consistently across their network, made worse by the proliferation of personal devices being used for work — leaving user credentials and corporate networks vulnerable to exploitation.
• Poor visibility into networks and applications: Organisations lack adequate visibility into their networks and applications, as well as all the third parties with access to sensitive and confidential corporate information.
• Poor incident response plans: A quarter of organisations report inconsistent application of their incident response plans, while one in 10 lack a plan altogether — and organisations that haven’t tested their plans may face delays and complexities during incidents, potentially amplifying the damage caused by cyber attacks.
• IT infrastructure limitations: Over a quarter of Australian organisations don’t believe their IT infrastructure is equipped to deal with automated attacks using generative AI.
   

So how can Australian organisations navigate this evolving landscape to bolster their defences and reduce the financial and operational costs of cyber attacks?

Keeping your organisation cyber-secure

The research identified a number of trends among ‘high performing’ organisations in the cybersecurity space. First of all, these organisations are acutely aware that cyber attacks are becoming more severe and sophisticated. These organisations are also more likely to say they have the necessary resources, strategies and investment to minimise their risk, which many smaller organisations struggle with.

High performing organisations also reported having well-tested and widely adopted incident response plans to reduce the costly impact of a potential attack.

In order to reduce the likelihood of suffering an attack, organisations must futureproof themselves by investing in company-wide training, innovation and strategic planning. By embracing the growing level of cyber risk rather than shying away from it, organisations can strengthen their cyber defences in an evolving digital environment.

Image credit: iStock.com/AndreyPopov