Two thirds of Aussie businesses suffer cyber-attacks: Symantec

More Australian businesses are sitting up and taking a good look at their security regimes in the wake of costly cyber-attacks and lost productivity, according to security vendor Symantec.

The vendor's State of Security 2011 study, which was conducted in April and involved 250 businesses, found that 67 per cent of the organisations surveyed had experienced a cyber-attack in the past 12 months.

In addition, 21 per cent had experienced an increase in the frequency of cyber-attacks. One hundred and fifty of the companies surveyed were small to medium businesses (SMB) and the remaining 100 were enterprise-level companies.

Symantec Pacific SMB director, Steve Martin, said that one in five of those attacks had cost businesses more than $100,000, with the key impacts being downtime as well as loss of revenue and customer data. The average loss for businesses as a result of a cyber-attack was $7925.

Half of the survey respondents experienced downtime while 18 per cent lost intellectual property, 13 percent had corporate data stolen and 11 percent experienced theft of financial data and credit card numbers.

Nearly one in four could not identify what sort of information was taken or affected as a result of a cyber-attack. However, they were able to identify the nature of attacks with 22 per cent citing growth in social media#8211;based and malicious code attacks.

While the survey took place prior to the CBA credit card breach and the Sony Playstation Network hacks occuring, Martin said increased publicity had drawn attention to the serious damage cybercriminals posed.

“The prevalence of data loss caused by cyber-attacks reported in this study highlights the need for more stringent cybercrime laws and legislative reforms that require companies to notify their customers of a data breach to be fast tracked in Australia," said Martin.

"We recommend that organisations take a proactive and holistic approach to their IT security that minimises the likelihood of data breaches caused by cyber attacks."

The survey also found that cybersecurity was more important to Australian businesses now than it was one year ago, with 37 per cent noting cybersecurity as being somewhat or significantly more important than one year ago.

Enterprises with more than 500 employees were more concerned about security improvements than smaller companies, with 44 per cent of larger companies believing security was more important compared to 32 per cent of smaller entities.

In addition to financial losses, companies were also concerned that trends such as mobile technology, social networking and the consumerisation of IT would compromise security measures.

Mobile technology was identified as the technology most respondents saw as increasing the difficulty of securing their operations, with 51 percent seeing it as a significant trend.

Forty five percent saw social media as introducing new difficulties, while 43 percent were concerned that employees bringing personal devices to the workplace would increase risk.

Symantec's survey results reflect a similar study conducted by WatchGuard last month with IT security managers at local security conference AusCERT.

Its results also revealed that 88 per cent of organisations were under more pressure this year than 2010 to protect against data loss, while the unsafe practices of employees accessing social networking sites and downloading content were a bugbear for 29 per cent of security managers.

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU


Copyright © 2011 IDG Communications, Inc.

8 simple ways to clean data with Excel
Shop Tech Products at Amazon