Research by Rubrik Zero Labs has found that Australian organisations experience among the highest data breach rates in the world, and nearly all Australian organisations that fell victim to a ransomware event paid attackers to recover data or stop the attack.
These are among the findings in Rubrik Zero Lab’s new The State of Data Security: Measuring Your Data’s Risk report released this week. It was found that, based on the global average, almost 50% more data breaches impact Australian organisations, with the cloud being the most commonly targeted architecture.
The research behind the report involved surveying 1,625 IT and security decision makers at companies with 500 or more employees. The respondents included CIOs, CISOs, VPs, and Directors of IT and Security. The research was conducted in the latter half of January 2024 in the US, UK, France, Germany, Italy, Netherlands, Japan, Australia, Singapore, and India. None of these organisations are existing Rubrik clients.
The survey supplemented Rubrik telemetry that looked at more than 6,000 clients across 22 industries and 68 countries. The data includes over 42 exabytes of secured logical storage and more than 38 billion sensitive data records from January through December 2023.
The research found 82% of Australian organisations experienced a cyberattack in 2023. Of these, data breaches were the most prevalent style of attack comprising 54% of incidents, compared to the global average of 38%. Business email compromise attacks were the second most common attack method, witnessed in 45% of incidents. Cloud environments were the most targeted in Australia, with 75% of local respondents reporting malicious activity. SaaS recorded the second most malicious activity, reported by 60% of respondents, followed by on-premise infrastructure with 46%.
“Australia is a mature market and early adopter of cloud and many enterprise security technologies,” said Rubrik Vice President Antoine Le Tard. “As such, local organisations have been investing heavily in perimeter security for the past decade, yet Australia holds the unenviable title of leading the world in data breaches. This shows it’s time to think beyond the perimeter and shift towards cyber resilience strategies.”
“The cloud is a powerful business enabler, but it comes with inherent risk – particularly with vulnerable sensitive data,” he said. “According to Rubrik telemetry, there are a number of security blind spots when it comes to the cloud. Most data we see in a standard cloud instance is object storage, so it has far lower security coverage than other areas, yet more than a quarter of object storage data is sensitive data, such as protected health information and personally identifiable information.”
While data breaches were the most common attack type experienced in Australia, ransomware accounted for more than a third (36%) of local cyber incidents. In these cases, 97% of enterprises reported paying a ransom to recover data or stop an attack. In 70% of cases, a ransom was paid following an encryption event, and in 54% of cases, it was paid due to extortion threats. Additional key findings from the Australian data include:
- Throughout 2023, Australian organisations experienced an average of 28.17 attacks, on par with the global average of 28.12. This figure encompasses all attack types, including business email compromise, data breach, ransomware, insider event, and inadvertent data exposure.
- In Australia, ineffective backup and recovery solutions were the second most common limiting factor noted in the wake of a cyberattack (21%), second to only a lack of leadership involvement (22%). A lack of security expertise within the organisation was noted by 17% of Australian organisations.
- In the wake of an attack, the most common action Australian organisations took was to increase spending on new technologies or services (77%). This was notably higher than the global average of 55%.
“The high percentage of businesses paying a ransom following an encryption event suggests many Australian organisations are placing too much faith in perimeter defences. They simply aren’t prepared to recover their own data following a successful attack,” Le Tard said. “A comprehensive backup strategy is the best defence in these cases. It allows the victim to rapidly recover their own data without having to pay the attackers – but investing here often requires an organisation to accept breaches are inevitable.”
You can read the full report here.