IBM recently released its annual Cost of a Data Breach report, revealing that the average cost of a data breach in Australia reached a record high of AUD $4.26 million (USD $2.77 million) in 2024. This represents a 27% increase since 2020.
The report also highlighted that Australian organizations are still most threatened by the same threats that dominated in previous years. Furthermore, with a deep cyber security skills crisis in the country, organizations are finding it difficult to mitigate these risks, despite being well aware of them.
IBM’s research this year shows:
The growing reliance on security AI and automation to combat cybersecurity threats was also a key finding.
According to the report, 65% of Australian organisations surveyed use these technologies within their Security Operation Centres. Companies that don’t use security AI and automation face significantly higher breach costs, averaging AUD $5.21 million (USD $3.39 million), and take an additional 99 days to identify and contain breaches compared to those extensively using these technologies.
Katherine Robins, lead partner for Cybersecurity Services at IBM Consulting, said that while companies’ knowledge of common cyber threats is improving, attackers are also leveraging AI in such a way that those common threats remain the biggest risks.
“New technologies have enabled deepfakes that make it easier to socially engineer attacks,” Robins told TechRepublic. “People are falling prey to scams and phishing campaigns, leading to these data breaches. The skill shortage of qualified cybersecurity professionals further exacerbates this issue.”
Robins suggests that organizations can address critical skill shortages by supporting early professionals in cyber security through mentorship programs and facilitating career pivots with appropriate training and certifications.
Meanwhile, there needs to be a clearer understanding of where responsibility for cyber security should lie. Increasingly, CISOs or CIOs are being held directly and personally responsible for the cyber security of an organization.
But as Robins said, that’s missing some key nuances.
“CISOs and CIOs are custodians of the budget they receive,” she said. “Holding them personally accountable becomes complex if organizations cut budgets that fund cybersecurity programs. Cyber security is an organization-wide responsibility from the board down, and accountability should reflect that.”
Robins added that more needs to be done to help drive full cybersecurity awareness across the board.
“We are seeing cyber security appear on most board agendas as a priority,” she said. “The understanding of cyber security at the board-level varies greatly, but many programs and initiatives target board executives to train them on the risks, such as those offered by AICD. Including your board in cybersecurity awareness training is also important.”
At a national level, the Australian government is committed to furthering cyber security, with the 2023-2030 cybersecurity strategy as its overarching vision. Robins hopes that the risks will be better managed and the cost of breaches will ease.
The 2024 Cost of a Data Breach Report noted that involving law enforcement saved ransomware victims as much as US $1 million in breach costs.
“Cyber security is ever-evolving to meet the threat landscape,” Robins said. “We look forward to seeing strategy updates cascade down into research, policies and regulatory compliance. Cyber security is everyone’s problem, and having the government drive this from the top has been great for all Australians.”
Overall, while cyber security represents a deepening problem for Australian organizations, and the skills shortage is exacerbating this challenge, the high strategic and national priority that Australia is placing on improving conditions should help ease costs in the future.