20 Apr, 2017
Australian critical infrastructure organisations targeted by cybercriminals hundreds of times each day – Survey
Canberra, (19 April 2017), Joint media release by the Attorney-General, Leader of the Government in the Senate, Senator George Brandis QC, Minister Assisting the Prime Minister for Cyber Security, Dan Tehan MP — The Government has today released a comprehensive cyber security survey, published by the Australian Cyber Security Centre, of Australian government and major businesses of national significance.
The release of the survey comes as the Turnbull Government this week marks the first anniversary of the launch of its Cyber Security Strategy. The strategy has increased awareness of cyber security threats and the Government continues to collaborate with industry to mitigate the online risks facing all Australians.
The 2016 Australian Cyber Security Centre Survey reinforces our understanding of the unrelenting and increasingly sophisticated cyber threat that organisations face every day.
It confirms that many Australian organisations – 90 per cent of those surveyed – are experiencing some form of attempted or successful cyber security compromise, and that some are being targeted up to hundreds of times per day.
Importantly, the survey demonstrates a high level of ability of organisations to prepare for and recover from cyber threats. However the continually changing threat environment means more needs to be done to prepare, adapt and detect potentially malicious activity.
Key findings from the survey include:
- The need for senior executives and boards to be considering cyber security risks more regularly – and not just when there is an incident to manage;
- The need to improve our understanding of the factors that can increase cyber security risk;
- The need to better understand the value of the data and systems we are trying to protect;
- The need to better explain and demonstrate the benefits of building relationships and sharing information;
- The need for cyber security plans to consider whole of business operations and impacts as well as be regularly reviewed and exercised to ensure they remain relevant and effective; and
- The quantum of cyber incidents is likely underreported as they are still hard to detect and organisations can be reluctant to tell others about their experiences.
The survey provides us with a benchmark for future reporting and will be an important document to help the Australian Cyber Security Centre ensure its advice continues to meet requirements, as well as deepening our understanding of the pressures industry and government face in cyberspace.