Of the 473 business leaders surveyed, 40% said cyber risks were their biggest concern for 2023, while 43% said it would be their primary issue in the next few years.

It is worth noting the survey ended just before the Optus data breach occurred on 22 October 2022. Since then, Australia has seen further high-profile cyber attacks, including the release of health records of Medibank customers on the dark web.

“In an increasingly digitised world, the collection, storage and security of sensitive data, be it from customers, suppliers, staff or own business information, poses a real and rising challenge for all businesses,” the KPMG report noted.

“Anecdotally, these recent public examples of IT system vulnerability have lifted still further business leaders’ concerns about cyber risk since our survey closed.”

The report also noted that associated key concerns of business leaders relating to cyber risks include ‘after-the-event’ type challenges – including understanding their organisation’s ability to sustain operations if the disruption lasts for multiple weeks, if not months, while at the same time managing media, dealings with the regulator, and any negative public attention.

In KPMG’s 2022 edition of Cyber Security Considerations, five key actions were identified for organisations to contemplate in managing cyber risks going forward:

  1. Consider how long you can sustain the business if significant functions are down and what it would mean from a customer impact perspective.
  2. Question whether your current resilience plans are fit for purpose for a cyber attack and take appropriate corrective measures.
  3. Transition from traditional security thinking around confidentiality and availability of data and begin thinking about striving to ensure integrity and resilience.
  4. Commit to a security strategy that can protect organisational and customer data, manage risk, and is sensitive to short and long-term business priorities.
  5. Create a culture where cyber security is everyone’s responsibility through innovative solutions and new and different ways of thinking.

How we help

Ready to protect your business? My Business Cyber offers a complete solution to test, train and measure awareness, reducing the risk of human error. Protect your business from cyber scams and attacks with automated staff training, phishing simulations, tools, and resources.