Diamond IT Blog

Half of Australian Businesses Pay Ransoms Against ACSC Advice

Written by Hannah Donnelly | August 19, 2024

According to a survey conducted by a global cyber security firm, nearly half of Australian businesses have succumbed to the demands of cybercriminals, paying a ransom after falling victim to a cyber attack. This alarming statistic underscores the severity of the situation and highlights the vulnerabilities that many organisations are facing in today’s digital environment.

Here are some highlights from the report, "Navigating the New Security Landscape: Australia Cybersecurity Readiness Survey".

A Growing Threat Landscape

The report paints a bleak picture of the current state of cyber security in Australia. Key findings include:

  • 41% of organisations reported experiencing at least one data breach in the past 12 months.
  • 33% of businesses had been breached 11 or more times within the same period.
  • 50% of businesses affected by ransomware admitted to paying the ransom.
  • This figure is somewhat better than the broader Asia-Pacific region, where 70% of businesses have paid ransoms.

The frequency and severity of these attacks are not just increasing—they’re skyrocketing.

 

 

 

Industries Under Siege

The report highlights that manufacturing, transportation, and education are the most frequently targeted industries in Australia. Some of the alarming statistics include:

  • 63% of manufacturing firms reported being breached in the last year.
  • 57% of transportation companies were targeted.
  • 48% of educational institutions fell victim to cyber attacks.

The data most coveted by hackers includes customer information (62%), financial data (55%), and user access credentials (52%).


The Financial Toll

The financial impact of these breaches is staggering.

Key financial insights from the report include:

  • 79% of Australian businesses are now allocating at least 10% of their IT budgets to cyber security measures.
  • Regulatory and compliance costs are rising, with 32% of organisations spending more than 5% of their IT budgets on compliance.
  • 31% of businesses are spending more than 10% of their IT budgets on compliance costs alone.

 

Recommendations from the Australian Cyber Security Centre (ACSC)

Simply put, the ACSC recommends that Australian businesses NEVER PAY A RANSOM, and instead:

Step 1: Record important details
Record important details about the ransomware attack to help you:

  • Ask for help from an IT professional (such as Diamond IT).
  • Make an insurance, bank or legal claim that may follow after the attack.
  • Make a report to the ASD's ACSC through ReportCyber.
  • Tell your family, colleagues or authorities that there has been an issue.

Complete this step as quickly as possible, as the ransomware could still be spreading through your device and network.

Step 2: Turn off the infected device
As soon as you have recorded details about the ransomware attack, turn off the infected device by holding down the power button or unplugging it from the wall. For most people, this is the best way to stop the ransomware from spreading.

Step 3: Disconnect your other devices
Ransomware can spread across networks. If there are other devices on your network, you should turn them off too. Start with the devices that are most important to you. Important devices typically include things like Network Attached Storage (NAS) devices, servers, computers, phones, tablets and any other devices that store valuable information.

Step 4: Change your important passwords
Some forms of ransomware steal your passwords. It can be difficult to know what information ransomware has accessed so, as a precaution, you should change the passwords for your accounts as soon as possible. Start with your most important accounts.

As you change your passwords, consider enabling multi-factor authentication on supported accounts. Multi-factor authentication makes it harder for cybercriminals to get access to your accounts. 

 

 

How Can Diamond IT Support Your Cyber Security Defences?

Diamond IT can help you ensure your technology, policy and staff education programs align with best practice to protect you from the ever-evolving cyber threat landscape. Our Business Technology Managers (BTMs) are specialists in improving your internal cyber security.  

If you need advice on how to ensure your cyber security strategy is fit for purpose, our team of cyber security experts is ready to help. Contact our team on 1300 307 907 today.