Cyber in 2023: evolving threats and resilience

2022 saw a significant increase in cybersecurity awareness across corporations and communities in Australia.

In the past 12 months, cyber attacks have accelerated, as forecast. These attacks have placed organisations in the spotlight and publicly challenged their reputations. Worst, they have impacted a large portion of Australia’s population.

Cybercriminals pursued higher profile targets than before, peaking with headline-grabbing data breaches at Optus and Medibank. Combined, the two breaches impacted more than 10 million consumers, leaving the community with a lingering sense that these instances may only get worse.

As we predicted, 2022 saw greater momentum around the introduction and evolution of regulations and guidelines to foster and drive a national uplift in cyber defences across industries.

On the legal front, the Australian Securities and Investment Commission launched its first Federal Court action with a case alleging cybersecurity failures at financial institution RI Advice. It set a strong precedent in the Australian financial industry, adding further weight on the accountabilities of directors and corporate officers with regards to cybersecurity.

The Australian Institute of Company Directors, in collaboration with the Cyber Security Cooperative Research Centre, also established a benchmark for all businesses. publishing five cybersecurity governance principles and further reinforcing the accountability of board directors around cyber risks.

As those at the top came to terms with impending change, cybersecurity cemented a place among rock-solid career choices for both new job seekers and experienced workers seeking more promising roles in ‘the great reshuffle’. Employee-driven data breaches – the ‘human threat’ – also became more apparent.

By the end of the 2021-22 financial year, The Australian Cyber Security Centre’s annual figures showed cyber attacks having risen 13 per cent.1 The 76,000-plus cybercrime reports equated to one every seven minutes, compared to one every eight minutes the year prior.

Heading into 2023, it is clear organisations will face new and more insidious methods of data theft, operational disruption and reputational damage. We predict threat actors to continue successfully exploiting the human element with the increased use of sophisticated means, including AI and deepfake technology. Critical infrastructure providers will be subject to further scrutiny in their cyber resilience, particularly in a degrading international and geopolitical order.

Following the legislation of increased penalties for companies that fail to protect customer data, privacy laws will be modernised in the coming year. A range of changes are expected that will provide citizens with greater privacy protection and corporations with a mandate to improve their data protection practices. We will also see changes around the protection and retention of client data as consumers demand greater transparency on how their personal information is handled.