Criminal syndicates considered the biggest threat for cyber attacks on Australian organisations

Wednesday 11 November 2015

  • Share

Nearly 80% of Australian organisations fear a criminal syndicate is most likely to be the source of a cyber attack according to a new EY security survey Creating trust in the digital world.

The survey of 1,755 organisations, including more than 60 from Australia, explored four major categories of potential attack sources and found that participants identified the most likely source as criminal syndicates (78%), followed by hacktivists (65%), employees (55%) and state sponsored groups (48%).

Compared with their global counterparts, Australian organisations saw the risk as greater in each of the key categories.

EY Oceania Cyber Leader Richard Watson said 80% of organisations do not believe their information security structure fully meets their organisation’s needs.

“Nearly half of respondents said their budgets needed to nearly double to align their organisation’s need for protection with its managements’ tolerance for risk.

“Organisations are embracing the digital world with enthusiasm, but that is not necessarily corresponding with an uptick in the sophistication required to address cyber threats, with 29% of organisations believing they would be unlikely to detect a cyber incident.”

Mr Watson said Australian organisations needed a laser-like focus on cybersecurity but lacked confidence in their ability to detect sophisticated cyber attacks.

Other key findings include:

  • The growing use of mobile devices is making organisations feel vulnerable with poor employee awareness and behaviour seen as the biggest risk with 81% of respondents identifying it
  • Only 23% of organisations have a formal threat intelligence program
  • Phishing was responsible for 32% of the significant cyber breaches that impacted organisations in the last year
  • 56% of Australian organisations have a dedicated function that focuses on emerging technology and its impact

Mr Watson said cybersecurity is inherently a defensive capability, but organisations should not wait to become victims.

“They should take an ‘active defence’ stance, with advanced security operations centers that identify potential attackers and analyse, assess and neutralise threats before damage can occur. It is imperative that organisations consider cybersecurity as an enabler to build and keep customers’ trust.”


About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit

This news release has been issued by Ernst & Young Australia, a member firm of Ernst & Young Global Limited. Liability limited by a scheme approved under Professional Standards Legislation.