Cyber-crime: significant threat to survival of Australian organisations says EY

  • Share

Tuesday 10 December 2013 - Forty per cent of Australian senior executives report that the number of security incidents in their organisation has increased over the last 12 months, according to a survey released by EY.

Under cyber-attack, EY's Global Information Security Survey 2013 tracks the level of awareness and action by companies in response to cyber threats and canvasses the opinion of over 1,900 senior executives globally, including nearly 90 in Australia. This year’s results show that as companies continue to invest heavily to protect themselves against cyber-attacks, the number of security breaches is on the rise and it is no longer of question of if, but when, a company will be the target of an attack.

EY Asia-Pacific Information Security Leader Mike Trovato said with information security functions not fully meeting the needs in 79% of Australian organisations, 88% of companies are maintaining or increasing their investment in cyber-security to combat the ever increasing threat from cyber-attacks.

“Cyber-crime is a greatest threat to organisations’ survival today.

“Budget allocations toward security innovation are inching their way up, enabling organisations to channel more resources toward innovating solutions that can protect them against the great unknown.

“However, many information security professionals continue to feel that their budgets are insufficient to address mounting cyber risks.

“Recent examples of the hacking of the Crimestoppers, Australian Federal Police and the Reserve Bank of Australia websites demonstrate that no organisation is safe from this threat and it is a problem that pays no heed to geographical borders.

“Many organisations have realised the extent and depth of the threat posed to them; resulting in information security now being ‘owned’ at the highest level within 70% of the organisations surveyed,” Mr Trovato said.

Despite half of the respondents planning to increase their budget by 5% or more in the next 12 months, 73% of Australian organisations cite an insufficient budget as their number one challenge to operating at the levels the business expects, compared with 65% globally.

Of the budgets planned for the next 12 months, 9% is ear-marked for security innovation and emerging technologies.

Mr Trovato said as technologies become further entrenched in an organisation’s network and culture, organisations need to be aware of how employees use devices and social media, both in the workplace and in their personal lives.

“This is especially true when it comes to social media, which respondents identified as an area where they continue to still feel unsure about their capability to address risks.

“If organisations are putting all their energy into addressing current technology issues, how will they protect themselves against technologies that are just around the corner, or about to appear on the horizon? For example, how will they face the challenge of managing and defending against personal and hosted cloud?”

Mr Trovato said the gap between the level of information security measures organisations have in place and what they actually need is widening.

“In Australia, companies would be well advised to implement the ‘Top Four Strategies to Mitigate Targeted Cyber Intrusions’ as set out by the Defence Signal Directorate1.”

These are:

  • application whitelisting
  • patch applications
  • patch operating systems
  • minimising the number of users with domain local administrative privileges

“Greater emphasis on improving employee awareness, increasing budgets and devoting more resources to developing innovative security solutions is needed. The pace of technology evolution will only accelerate – as will the cyber risks.

“Not considering risks until they arise gives cyber attackers the advantage, jeopardising an organisation’s survival, and is a huge missed opportunity to adapt and shape the company’s success. Resilient companies are more likely to prosper,” Mr Trovato said.

“In the end, leadership and accountability is required to combat these threats, and senior leaders need to be aware that 80% of the solution is non-technical, it really is a case for good security governance.”


About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit

This news release has been issued by Ernst & Young Australia, a member firm of Ernst & Young Global Limited. Liability limited by a scheme approved under Professional Standards Legislation.

1 Strategies to Mitigate Targeted Cyber Intrusions, Cyber Security Operations Centre, Department of Defence Intelligence and Security, Defence Signal Directorate, 18 February 2010


Katherine Meier
Ernst & Young Australia
03 9655 2620 or 0417 859 323