iTnews
  • Home
  • News
  • Digital Nation
  • Governance
Digital Nation

Australian organisations report $33b loss from cybercrime

By Staff Writers
Jan 10 2022 1:39PM

Organisational cybersecurity culture is critical to success

Australian organisations reported losses of more than $33 billion from cybercrime over the 2020-21 financial year, according to the Australian Cyber Security Centre (ACSC).

Consumer crediting reporting agency Equifax recently released a report based on a panel of cybersecurity experts from the business community to discuss the growing threat of cybercrime in Australia.

Australian organisations report $33b loss from cybercrime

Equifax is no stranger to cybercrime, in 2017, the company was the victim of a cyber attack where 143 million customers had personal information leaked. The company spent US$1.5 billion over the following two years building up its cybersecurity.

  • Subscribe to Digital Nation Australia's twice-weekly newsletter

The panel was moderated by James Turner, Founder, CISO Lens and featured Wayne Williamson, Chief Information and Security Officer (CISO), Equifax Australia & New Zealand; Jamil Farshchi, CISO, Equifax Group/Global; John Yates, Director of Security, Scentre Group; and Catherine Buhler, CISO, Energy Australia.

As Australia continues to see increasingly sophisticated cybercrime threats, Equifax’s newly released whitepaper highlights that organisations must also evolve their security culture and adapt reporting structures and levels of preparedness to prevent cybercrime-related losses.

Equifax's Williamson says cybersecurity preparedness is ever-evolving, and the responsibility lies with the entire organisation, not just CISOs, to address cyber risks head-on.

“Common themes emerged from our conversations with security leaders at the top of their field: namely, involving a business’ security culture driven from the top and conducting threat assessments on people and technology remain core principles to managing these risks.”

The Equifax report identified several common elements that help drive a change in the cybersecurity culture, which were armoury, remuneration and embedded culture.

Armoury

To win against cybercrime, employees must be trained. The panellists say training must do more than just tell staff what to do, it should be training that effectively changes behaviour.

“At Equifax, every employee gets security training with a monthly benchmarking scorecard that measures their security behaviours and compares that to averages across their peers and the organisations they’re working with.

The combination of training, remuneration incentives and tech-enabled communication against KPIs means all staff members – across Equifax’s global operations – feel accountable for cybersecurity.

Organisations that seek to drive cultural change using the measures outlined above
will move the cybersecurity dial. But real success comes from a holistic approach to
the risk.

Jamil Farshchi says, “It’s not just the cybersecurity scorecard. It’s not just the bonus. It’s not just the reporting lines. It’s not just the board exposure. But when you bring them together, and you work at it together, it really does make a big difference.”

Remuneration

One other key tool in driving a cultural shift is reporting lines. At retail property giant Scentre Group,  for instance, John Yates reports directly to the CEO. A 2021 CISO Lens report suggests that the number of CISOs reporting directly to the CEO was around 3 per cent in 2020 – but increased rapidly to 8 per cent this year.

Reporting lines alone however don’t guarantee cultural change, according to the whitepapet. John Yates says it highlights the seriousness with which security is treated at an organisation.

Yates says, “At Scentre Group, we’ve come on a very fast journey in terms of cyber over the last five years. We now have a pretty mature outlook really led by the CEO.

“We drive a very lean business model. Everything you do, you’ve got to make a case for it. We have a very sensible board. They see that an existential threat is emerging, and they know responsible boards should be delivering a proportionate response to that threat.”

Embedded Culture

While cybersecurity may only be the role for a handful of employees, it is up to the whole organisation to instil it.

In Australia, there has been a dramatic increase in the number of CISOs brought on board by businesses, according to the panel.

Williamson says, “Companies need to ensure that the CISO doesn’t fight the battle alone. If you’ve set up your program in such a way that the CISOs are the arbiters of all things good, then you haven’t done it right.

“You want a cybersecurity mindset built into the DNA of the company at large, and one that can be carried by the masses versus just one individual,” he ends.

 

Got a news tip for our journalists? Share it with us anonymously here.
Digital Nation

You just read a Digital Nation story.

There are many others like it. Subscribe to our new weekly Digital Nation e-newsletter for more HR, finance, marketing, risk and emerging technology news and discussions.

SUBSCRIBE
© Digital Nation
Tags:
cybercrimecybersecurityequinoxgovernance

Related Articles

  • The Northern Beaches Women's Shelter hones focus on tech-enabled abuse The Northern Beaches Women's Shelter hones focus on tech-enabled abuse
  • Lawyers face sanctions for citing fake cases with AI Lawyers face sanctions for citing fake cases with AI
  • King & Wood Mallesons Australia to give Gen AI tool to 1200 lawyers King & Wood Mallesons Australia to give Gen AI tool to 1200 lawyers
  • Transport for NSW expands SAP Ariba usage Transport for NSW expands SAP Ariba usage

Partner Content

Logicalis APAC CIO Report: The CIO’s 2025 Mandate
Partner Content Logicalis APAC CIO Report: The CIO’s 2025 Mandate
What Embracing the AI Platform Shift Really Means
Partner Content What Embracing the AI Platform Shift Really Means
AI in cybersecurity: weapon or shield?
Promoted Content AI in cybersecurity: weapon or shield?
Ransomware targets Australian SME false sense of security
Partner Content Ransomware targets Australian SME false sense of security

Sponsored Whitepapers

Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Events

  • Tech in Gov 2025 Tech in Gov 2025
  • Forrester's Technology & Innovation Summit APAC 2025 Forrester's Technology & Innovation Summit APAC 2025
  • Security Exhibition & Conference 2025 Security Exhibition & Conference 2025
  • Integrate Expo 2025 Integrate Expo 2025
  • Digital As Usual Cybersecurity Roadshow: Brisbane edition Digital As Usual Cybersecurity Roadshow: Brisbane edition
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Case study: Warren and Mahoney adopts digital tools to reduce its carbon footprint

Case study: Warren and Mahoney adopts digital tools to reduce its carbon footprint

King & Wood Mallesons Australia to give Gen AI tool to 1200 lawyers

King & Wood Mallesons Australia to give Gen AI tool to 1200 lawyers

ANZ continues work on data "one-stop-shop" for its Risk function

ANZ continues work on data "one-stop-shop" for its Risk function

E-commerce fraud losses to exceed $48 billion in 2023: Juniper Research

E-commerce fraud losses to exceed $48 billion in 2023: Juniper Research

techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.