Although the $81 billion a year financial and insurance industry was a "target of choice" for cybercriminals, little was known about the scale of crimes perpetrated against it, a report from the Australian Institute of Criminology released today showed.
Institute researcher Raymond Choo said the sector's reliance on information and communications technologies put it at greater risk than other sectors.
"And the size of the industry exposes it to a wide spectrum of financially-motivated cyber criminal activities," Dr Choo said.
"Rapid changes in technology mean we are still yet to uncover the true extent of cybercrimes committed against businesses."
The paper, Cyber Threat Landscape Faced by Financial and Insurance Industry, said that information security was a shared responsibility between users, government and the IT industry.
Respondents to the survey reported losses of $49 million in the 2007-08 reporting period. About a third said they had survived an attack. Financial services were more likely to be targeted by cybercriminals than health care, construction, mining or arts and education.
Areas of particular concern were:
- Malware and spyware
- Insider threats and loss of company secrets
- User awareness of threats to them and their organisations
- Poor patch management
- Unnecessary administrative privileges
- Need for application 'whitelisting'
- ATM fraud
- 'Spear phishing' or targeted fraud against individuals
Institute director Adam Tomison wrote in the foreword that globalisation and better technology opened Australian financial institutions up to more threats from overseas.
"Cyber criminal activities will increasingly affect the financial security of online business," Tomison said.
"It is widely accepted that the financial and insurance industry is the 'target of choice' for financially motivated cyber criminals. Yet there is a lack of understanding about the true magnitude of cyber crime and its impact on businesses."