Managing cyber security risks – Report 3: 2019–20

Protecting important information assets with secure systems is critical to Queensland’s economic and security interests. The Global Risks Reports produced by the World Economic Forum in 2018 and 2019 found that ‘data fraud or threat’ and ‘cyber attacks’ are in the top five most likely global risks in terms of likelihood (along with environmental risks).

A Microsoft-commissioned study by Frost and Sullivan (a research and consulting firm) estimated the potential direct economic loss of cyber security incidents on Australian business as $29 billion per year. When factoring in other indirect costs—such as damage to business reputation and loss of customer base—the actual loss is even higher.

Media reports show an alarming trend of growing cyber security attacks and corporate espionage by foreign state-sponsored hackers and criminals targeting Australian Government entities. These are organised, targeted, deceptive cyber attacks intended to compromise Australia’s economic interest, and national security.

The 2017–18 Cyber Security Survey, conducted by BDO Australia and AusCERT, stated that organisations seeking to enhance their cyber security capabilities will need to get a better understanding of the cyber threats related to them and their industry. The survey report identified the following threat actors (those conducting malicious activities against entities):

• hacktivists—who target computer networks to advance their political or social causes
• criminals—including individuals and sophisticated criminal groups who steal personal information and extort victims for financial gain
• insiders—who typically steal their organisations’ information for personal, financial, or ideological reasons
• nation-states—who target systems to steal sensitive state secrets for economic and political advantage.