Perspectives On Cyber Risk 2022

Welcome to MinterEllison’s seventh annual Perspectives on Cyber Risk report.

In light of recent global events, a concerted focus on cyber risk and cyber resilience is more pressing than ever for Australian organisations.

With the COVID-19 pandemic now entering its third year, and countries and communities adjusting to the ‘new normal’ of hybrid work, education and leisure, our reliance on information and communications technology (ICT) has continued to increase. This, in turn, has brought with it increased cyber security risks and challenges.

In addition, following Russia’s invasion of Ukraine, it was widely reported that Russia employed offensive cyber capabilities early in the war. Reports indicate that Russia has continued in its attempts to disrupt not only Ukrainian networks and systems, but also those of countries that have criticised or sanctioned it.

Even before the onset of hostilities, cyber security had been a keen area focus for the Australian Government, with the passage of significant amendments to Australia’s Security of Critical Infrastructure (SOCI) legislation in 2021.

However, shortly after Russia’s invasion, Australia’s Cyber and Infrastructure Security Centre (CISC) issued a warning to Australian organisations to urgently adopt an enhanced cyber security posture to address the increased threat of cyber attacks. Remarkably, CISC recommended that Australian organisations should begin voluntarily complying with the risk management program obligations in the second tranche of the SOCI legislation, even before that tranche had become law.

Subsequently, in the March 2022 Federal Budget, the Australian Government allocated A$9.9 billion over 10 years to the Australian Signals Directorate (ASD) to deliver a Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers package. This is the largest ever investment in Australia’s intelligence and cyber capabilities.

Within this context, there remains much for organisations to address in managing cyber risk – and it’s dominating Board and management agendas.

In this year’s report, we surveyed executive, legal and IT personnel across almost all sectors of the Australian economy to understand the impact cyber risk is having on their organisations – and what steps they’re taking to mitigate the risk.

Survey findings – combined with our interview insights from Chief Information Security Officers, Chief Technology Officers and Chief Digital Officers across a range of sectors – paint a telling picture of escalating cyber risk.

We also share an interview with Abigail Bradshaw CSC, Head of the Australian Cyber Security Centre (ACSC), about Australia’s cyber security landscape now and in the future.

In addition, we explore recent developments in ransomware, consider the evolving regulatory landscape (including the new SOCI laws), and provide insights from industry leaders on how businesses are managing cyber risk in an increasingly fraught geopolitical context.

Paul Kallenbach
Partner
Technology and Data