Allocation of cyber budgets key to mitigating breaches

From Kapil Kukreja

Businesses are increasing their allocation of funds towards cyber security; however, questions remain over whether funds are being directed to the right areas, according to HLB Mann Judd risk and assurance partner, Kapil Kukreja.

Mr Kukreja said while an estimated 78 per cent of businesses are increasing their investment in cyber protection measures, budgets need to be apportioned to people and processes, not just technology infrastructure.

“Given the exponential rise in hacking attacks in recent months – including some high-profile cases – it is encouraging to see Australian businesses upping the ante on the need to protect their systems.

“However, it’s equally critical to ensure these funds are invested in the right manner and to the right areas to mitigate cyber security risks – and this applies to businesses large and small, and across every sector,” he said.

According to recent research, global cyber-attacks increased by 38 per cent in 2022, with 43 per cent of all cyber-attacks aimed at small businesses. Further, by the end of 2023, the annual global cost of cybercrime is predicted to top $8 trillion, with a business falling victim to a ransomware attack every 14 seconds.

“The prevalence of attacks is irrefutably increasing, and business owners and company boards need to safeguard their operations from such threats by allocating sufficient budgets for technology, training and human resources,” Mr Kukreja said.

As a general rule, he said all businesses should set aside 1-5 per cent of their annual IT budget for cyber security measures, including training of staff.

“This is a guide and it will depend on a range of factors, such as the nature of the business and complexity of its systems, but the key for all businesses is they need a budget available, along with a formal cyber strategy and cyber response plan.

“It’s about a befitting approach and it can’t be an afterthought – the consequences are too dire,” he said.

Small businesses account for more than 97 per cent of all Australian businesses. The Australian Cyber Security Centre (ACSC) estimates 43 per cent of all Australian cyber-crime is directed at small businesses, with cyber criminals aware of small businesses' limitations in investing in cyber security measures.

The ACSC puts the average cost of cyber-crime to small business at $39,000; $88,000 for medium business, and over $62,000 for large business. Currently, cyberthreats and scams targeting small businesses cost the Australian economy an estimated $29 billion a year.

Under the new Cyber Warden Program, the Federal Government will be investing $23.4 million in cyber wardens to build small business cyber resilience, with up to 60,000 wardens available in the next three years. Some of the most at-risk sectors include government, health and social assistance, information and telecommunications, and education and training.

“Hackers don’t discriminate…if a system carries any vulnerability, they will be able to exploit it and use the information obtained to their advantage.

“The reputational and financial consequences for businesses are so great, that directing the right amount of funds into the right areas should now be considered the number one operational priority,” he said.
