Get all your news in one place.
100’s of premium titles.
One app.
Start reading
ABC News
ABC News
National
national affairs editor James Glenday

Most Australian executives wary of announcing cyber attacks and online strategies amid increased demand for transparency

Australian executives remain wary about publicly disclosing cyber attacks and cyber strategies, despite growing demands for transparency.

A new survey suggests 90 per cent of Australian executives are still concerned publicly sharing information about cyber attacks on their businesses could hurt their bottom line and lead to a loss in advantage over their competitors. 

Shareholders, regulators and politicians are increasingly demanding Australian companies be much more open about how they are protecting themselves from attacks and crucially securing the data of their customers.

These pressures have only grown in the weeks since the details of the massive hack on Optus was made public.

But the survey, carried out by PwC, suggests executives in Australia remain slightly more worried than their global counterparts about the downsides of publicly detailing attacks, incidents and their broad strategies.

"It's a really tricky topic for many organisations to get their heads around," said Rob Di Pietro from PwC.

"Some sectors are doing this well [sharing information with similar companies] but some are just starting out on that journey."

Operators of critical assets in sectors like broadcasting, banking, food, transport, fuel, communications and utilities are required to report to authorities when they are under attack.

Data is increasingly valuable to companies and criminals, and so, high-profile attacks are expected to become more common.

But the survey suggests about 81 per cent of executives feel mandatory reporting could discourage some companies from getting in touch with law enforcement.

It also indicates Australian organisations are more reactive to cyber incidents than their global counterparts, with more companies invoking plans after an incident has occurred, rather than anticipating attacks in advance.

"What that suggests to me is there is a still a way to go for us to realise the value of sharing threat information," said Mr Di Pietro.

"If one organisation gets hit and they can quickly share that information with others, it prevents them from also being impacted."

The Australian Cyber Security Centre warns attacks are increasing in frequency, scale and sophistication and says cooperation will make the country stronger.

"Sharing cyber threat intelligence and reporting all cyber security incidents … are key to building a truly national threat picture," a spokesperson said.

"It's only through closer collaboration and sharing of cyber threat intelligence that we can better prepare for the cyber threats all Australians face."

Most companies boosting cyber budgets

The PwC survey was carried out before the Optus hack but cyber security was still front of mind for executives.

It was in the top five scenarios included in "organisational resilience plans", only coming after concerns about a global recession and supply chain bottlenecks.

Australian companies were most worried about being targeted by criminal organisations but also had concerns about hacktivist groups, disgruntled insiders and some competitors.

Sixty per cent of organisations surveyed said they were planning to increase their cyber budget in 2023.

"We are in a digital age where these events are going to happen," Mr Di Pietro said.

"What we've learned from recent high-profile events is it's how you respond that actually dictates how you maintain your trust."

The Optus hack has caused more boards and companies to review their cyber security measures, something which has been broadly welcomed in Canberra.

MPs and senators involved in security committees in the federal parliament have been warning of the growing threat for some time.

"It is not an optional extra to be investing in and preparing for and protecting against cyber-attacks," said the shadow minister for cyber security, James Patterson.

"No one is immune. Everyone is going to be a victim of it one day.

"The only difference is some companies will be better prepared and better protected and some companies will be less protected."

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.