
1 in 5 businesses hit by ransomware attacks

More than 70% of Australian businesses have seen an increased number of cyber attacks since last year with a heavy focus on ransomware, according to a new report.

07 Nov 2022

The latest Mimecast 2022 State of Ransomware Readiness study has found that about 20% of Australian businesses experienced six or more ransomware attacks in the previous year, more than any other country or region surveyed, including Canada, France, Germany, the Netherlands, Nordic countries, Singapore, South Africa, the UAE, the UK, and the US.

In the meantime, 57% of Australian businesses (compared to 55% globally) believed that in the next two years, cyber attacks would partially disrupt Australia's essential national infrastructure.

Further findings revealed that more than 40% of organisations had experienced significant downtime because of ransomware attacks, up from 33% last year.

About 30% said it would take one to two days to return to normal business after an attack, and it is estimated they could only withstand two to five days before sustaining significant financial loss and reputational damage. Businesses were also concerned that their cyber insurance would refuse to pay out for ransoms in the future.

The report found that nearly half of organisations had experienced a loss in revenue due to a ransomware attack in the past 12 months, and the average cost of an attack was between $50,000 and $100,000, with 20% of businesses asked to pay between $500,000 and $999,999 for their information to be returned.

NEED FOR BUSINESS AWARENESS 

Mimecast APAC vice president Nick Lennon said that while there is still much work to be done to achieve a national security posture, further investment and initiatives are required to help bring down these figures.

“Building up cyber resilience requires time, planning, sufficient budget, and resources, and simply can’t remain as an afterthought post-breach,” Mr Lennon said.

The most common ransomware tactics used by cybercriminals to attack and compromise businesses included phishing emails with a ransomware attachment.

Supply chain attacks (41%) and compromised credentials (40%) were also listed as tactics, and about 47% of businesses had encountered network-wide attacks along with ransomware using encryption.

To defend against these threats, Mr Lennon added that there was more to be done by the government, businesses, and employees, citing the need to train staff and employees as a key awareness measure.

The study found that more than 67% of businesses said end users weren’t adequately trained on security awareness and only 63% maintained backups of files in the cloud or on-site to combat cyber attacks.

“More than 46% of respondents believe the most effective measure to reduce ransomware attacks is to train employees on how to recognise email threats,” Mr Lennon said.

“This highlights the need for company-wide awareness and accountability.

“The recent cyber security governance principles released by the Australian Institute of Company Directors (AICD) and the Cyber Security Cooperative Research Centre (CSCRC), as well as the government’s proposal to increase fines for serious or repeated privacy breaches, are a step in the right direction.”
