One in ten Aussie businesses suffered IT breaches last year

One in ten Australian businesses experienced some kind of cyber security incident or breach last financial year, new data released by the Australian Bureau of Statistics reveals.

The data published on Tuesday also shows that almost 18 percent of businesses weren’t aware if they had suffered a incident or breach in 2017-18.

Collected during an annual survey of Australian business characteristics that focused on IT use, the data shows the vast majority of the 832,000 businesses examined experienced no “internet security incidents or breaches”.

But more than 28 percent of businesses surveyed reported having either experienced an incident or breach (10.8 percent) or, more worryingly, did not know (17.7 percent).

Of the approximately 89,856 businesses that experienced either an incident or breach, the highest proportion of businesses fell into the wholesale trade (17.6 percent) and manufacturing (17.5 percent) industries.

This was followed by the rental, hiring and real estate services industry (13.9 percent), professional, scientific and technical services industry (12.6 percent) and information media and technology industry (11.3 percent).

For businesses that did report a beach or incident, downtime was the most common impact of the breach or incident at 52 percent, followed by corruption of hardware or software (27.7 percent) and corruption or loss of data (28.7 percent).

The survey said that just over half of all businesses considered cyber security to be of “some importance to their digital technologies” in 2017-18, which is slightly up on the 47 percent that considered it important in 2015-16.

This figure jumped to 92 percent for business with 200 or more employees, though this group were also the most likely to report a security incident or breach (19.2 percent) or not know (24.5 percent).

More than half of business with 200 or more employees said they had upgraded their cyber security software, standards or protocols during 2017-18, compared with only a third during 2015-16.

Cloud adoption continues to climb

The survey also reveals that businesses’ appetite for cloud continues to grow, with 42.4 percent of using some form of paid cloud service in 2017-18 – an 11 percent increase on 2015-16.

The ABS defines cloud computing as ““IT services that are used over the internet to access software, computing power or storage capacity”.

Businesses with 200 or more employees were again found most likely to be using cloud services (76.4 percent), followed by businesses with between 20 and 199 staff (65.7 percent).

Software was the most likely use for paid cloud computing (88.6 percent) and storage (61.1 percent).

The survey indicates that insufficient knowledge of paid cloud services was the greatest factor limiting or preventing use during 2017-18, with risk of security breach (13.3 percent) and high cost (11.1 percent) also scoring high.