Corporate cyber breaches increasing in Australia, with people-based attacks up by a third


Accenture study finds Australian organisations are spending more than ever on cybersecurity, with instances of ransomware, stolen devices and phishing rising

Cyberattacks are on the rise for Australian organisations, which experienced an 18% increase in the number of security breaches in 2018, according to new research published by Accenture and Ponemon Institute. The study shows Australian companies experienced an average of 65 security breaches in 2018, compared to an average of 53 in 2017.

Based on interviews with more than 2,600 security and Information Technology (IT) professionals at 355 organisations worldwide, Accenture’s 2019 “Cost of Cybercrime Study” found that the cost of cybercrime is increasing, with Australian companies spending US$6.9 million on cybersecurity-related expenditure. This is a 26% jump from 2018, higher than Germany at 18% and lower than the UK at 31%.

The research also shows individual incidents are becoming more expensive to companies, with the cost of ransomware attacks increasing by 40% in Australia from 2017-2018, from US$56,500 to US$89,433.

Australian businesses were found to have the largest increase in cybercrime driven by people-based attacks, with a 33% growth in cyberattacks from these methods. Phishing incidents rose by 13%, attacks generated from stolen devices by 11% and ransomware by 9%. However, despite the increased threat and instances of these attacks, budgets for countering people-based attacks have not risen accordingly, only seeing an incremental increase from 11% to 14% in 2018.

The study calculated cybercrime costs as what an organisation spends to discover, investigate, contain and recover from cyberattacks over a four-consecutive-week period, as well as expenditures that result in after-the-fact activities — i.e., incident-response activities designed to prevent similar attacks — and efforts to reduce business disruption and the loss of customers.

“Despite our remote location, Australia has not escaped the impact of some major global ransomware attacks in the last 12 months, with many businesses falling victim to NotPetya and WannaCry which had a considerable impact on cybersecurity expenditure,” said Joseph Failla, Accenture’s security lead in Australia and New Zealand.

“As public and private Australia, across all industries, becomes increasingly digitised, the threat landscape is increasing and leaving us more vulnerable”, Joseph said. “Australian businesses must understand where they can gain value in their cybersecurity efforts to improve their cyber resilience, minimising risk and even preventing future attacks. The continued lack of investment in artificial intelligence, machine learning and automated technologies is concerning, especially as they represent the most value”.

Despite an increase in cybercrime, the research reveals that most types of cyberattacks are taking less time to resolve, demonstrating that capabilities are improving. According to the research, malicious code attacks are now taking 20% less time to resolve. The deployment of automation, machine learning and artificial intelligence technologies remains low (35% and 34% in Australia respectively) – however these deliver the largest cost savings – up to US$2,670,000 – when fully deployed.

  • Australian companies are spending the most on discovery (35%) and the least on recovery activities (20%)
  • Information loss remains the most expensive consequence of a cybercrime in Australia (43%) followed by business disruption (32%).
  • Globally, banks and utilities companies continue to have the largest cost of cybercrime by industry (US$18.37 million and US$17.84 million respectively)
  • Globally, the average cost of cybercrime for an organisation increases from US$1.4 million to US$13 million over five years.
  • The economic value at risk due to cyberattacks over the next five years is US$5.2 trillion globally.

Accenture has outlined three steps to unlocking the value in cybersecurity for Australian organisations:

  1. Prioritise protecting against people-based attacks:
    Countering internal threats is still one of the biggest challenges with a rise in phishing and ransomware attacks, as well as malicious insiders.
  2. Invest to limit information loss and business disruption:
    Already the most expensive consequence of cyberattacks, this is a growing concern with new privacy regulations such as GDPR and CCPA.
  3. Target technologies that reduce rising costs:
    Use automation, advanced analytics and security intelligence to manage the rising cost of discovering attacks, which is the largest component of spending.

For more information on security investments that can help organisations effectively deal with cyber risks, visit


The study, conducted by the Ponemon Institute on behalf of Accenture, analyses a variety of costs associated with cyberattacks to IT infrastructure, economic cyber espionage, business disruption, exfiltration of intellectual property and revenue losses. Data was collected from 2,647 interviews conducted over a seven-month period from a benchmark sample of 355 organisations in 11 countries: Australia, Brazil, Canada, France, Germany, Italy, Japan, Singapore, Spain, the United Kingdom and the United States. The study represents the annualised cost of all cybercrime events and exploits experienced over a one-year period from 2017 to 2018. These include costs to detect, recover, investigate and manage the incident response. Also covered are costs that result in after-the-fact activities and efforts to contain additional expenses from business disruption and the loss of customers.