Cybercrime cost Australian companies $US6.9 million in 2018 – a rise of 26 per cent since 2017.

According to Accenture’s latest Cost of Cybercrime study, data loss and business disruption were the biggest expense resulting from attacks, making up three-quarters of the overall to Australian companies.

On average, Australian businesses each experienced 65 security breaches last year – up from 53 in 2017 – with instances of ransomware, malware, phishing, and stolen devices all increasing in the 12-month period.

Joseph Failla, Accenture’s security lead in Australia and New Zealand, said that Australians need to be aware that our small population does not make us immune from cyber threats.

“Despite our remote location, Australia has not escaped the impact of some major global ransomware attacks in the last 12 months, with many businesses falling victim to NotPetya and WannaCry which had a considerable impact on cybersecurity expenditure,” Failla said.

“As public and private Australia, across all industries, becomes increasingly digitised, the threat landscape is increasing and leaving us more vulnerable.”

While ransomware has immediate disruptive consequences for a business, information loss is the biggest global cost of cybercrime as data protection regulation improves around the world. The European Commission’s 2018 General Data Protection Regulation (GDPR) requires all companies operating in the EU – regardless of where they are based – to inform users of data breaches.

Non-compliance with the GDPR can include penalties such as “a fine of up to €20 million or four per cent of the business’ total annual worldwide turnover”.

Similar, albeit less rigorous, regulation exists in Australia, but with lighter consequences.

The Notifiable Data Breaches scheme requires Australian businesses to “notify affected individuals and the OIAC when a data breach is likely to result in serious harm to individuals whose personal information is involved in the breach”.

The maximum penalty for non-compliance is $2.1 million.

Alarmingly, when the laws came into effect last year, more than half of Australian businesses were unaware of what that meant for them.

Failla also noted that Australian businesses tend to spend little on AI and machine learning cybersecurity measures despite their cost-efficiency.

“Australian businesses must understand where they can gain value in their cybersecurity efforts to improve their cyber resilience, minimising risk and even preventing future attacks,” Failla said.

“The continued lack of investment in artificial intelligence, machine learning and automated technologies is concerning, especially as they represent the most value”.

The study estimates the global economic risk of cyberattacks over the next five years is $US5.2 trillion.