IBM recently released its annual Cost of a Data Breach report, revealing that the average cost of a data breach in Australia reached a record high of AUD$4.26 million (USD$2.77 million) in 2024. This represents a 27% increase since 2020.
The report also made it clear that Australian businesses remain most at risk from the same threats that dominated in the past. However, with a severe cyber security skills shortage in the country, organizations are finding it hard to mitigate the risks, even though they are aware of them.
Phishing: Most Popular Cyber Attack
This year's IBM study shows:
- Initial attack vectors: Phishing was the most common initial attack vector, accounting for 22% of breaches and costing companies AUD$4.35 million per breach on average. Stolen or compromised credentials, at 17%, cost AUD$4.32 million on average. The most expensive breaches were those caused by malicious insiders, accounting for 8% of the incidents investigated and costing AUD$4.91 million per breach.
- Data breach lifecycle: Australian businesses needed 266 days on average to identify and contain breaches, which is eight days more than the global average.
- Data visibility gaps: 32% of breaches involved data stored across several environments, including public cloud, private cloud, and on-premises systems. These breaches, which took 301 days to detect and contain, cost AUD$4.88 million on average.
- Detection and escalation costs: Detection and escalation costs remain the most expensive element of a breach, averaging AUD$1.65 million, followed by post-breach response and lost business costs.
- Cost of staffing shortages: Organizations with severe staffing shortages reported an average cost per breach AUD$2.7 million higher than those with little or no security staffing issues.
AI and technology: A strategic advantage and a danger
Another important finding was the increasing reliance on security AI and automation to fight cyber security threats.
65% of Australian businesses surveyed use these technologies in their security operations centers, according to the report. Companies that don't employ security AI and automation have significantly higher breach costs, $5.21 million compared with $3.39 million, and take an additional 99 days to identify and contain breaches than those that employ these technologies extensively.
While corporate awareness of common digital challenges is expanding, as per Katherine Robins, direct lover for security services at IBM Consulting, attackers are also utilizing AI to reduce those threats, which are still the biggest risks.
“New technologies have enabled deepfakes that make it easier to socially engineer attacks,” Robins told TechRepublic. “People are falling prey to scams and phishing campaigns, leading to these data breaches. This issue is further exacerbated by the lack of qualified cybersecurity professionals.”
Skill shortages and gaps in understanding
Robins suggests that organizations can address pressing skill shortages by assisting early career cyber security professionals through mentoring programs and facilitating career transitions with appropriate training and certifications.
In the meantime, it is important to have a better understanding of who should bear responsibility for cyber security. Increasingly, CISOs or CIOs are being held directly and personally responsible for the cyber security of an organization.
But as Robins said, that’s missing some key nuances.
“CISOs and CIOs are custodians of the budget they receive,” she said. “When organizations reduce the amount of money that goes toward cybersecurity programs, holding them personally accountable becomes challenging. Cyber security is an organizational-wide responsibility from the board down, and accountability should reflect that.”
Robins added that more needs to be done to raise the general public’s awareness of cybersecurity.
“We are seeing cyber security appear on most board agendas as a priority,” she said. “Although board executives are subject to a wide range of understandings of cyber security, many initiatives and programs target board executives in order to educate them about risks, like those provided by AICD. It’s also crucial to include your board in training for cybersecurity awareness.”
Government initiatives and their effects
At a national level, the Australian government is committed to furthering cyber security, with the 2023-2030 cybersecurity strategy as its overarching vision. Robins anticipates better risk management and lower breach costs.
According to the Cost of a Data Breach Report for 2024, law enforcement’s involvement saved ransomware victims up to US$1 million in breach costs.
“Cyber security is ever-evolving to meet the threat landscape,” Robins said. “We anticipate that strategy updates will be rolled over into research, policies, and regulatory compliance. Cyber security is everyone’s problem, and having the government drive this from the top has been great for all Australians.”
Overall, the strategic, national priority that Australia is placing on improving conditions should help lower costs in the future, even though the skills shortage, a deepening problem for Australian organizations, contributes to this problem.