Australian Organisations Are Suffering More Ransomware Attacks Than The Rest Of The World

CrowdStrike has today released its global cybersecurity survey, which finds that over two-thirds [67%] of Australian organisations have suffered a ransomware attack in the last 12 months, which is higher than the global average of 57%.

Moreover, one-third [33%] of Australian organisations that have been subjected to ransomware attacks have paid the ransom, costing each business $1.25 million AUD on average. The percentage of ransom payments made by Australian organisations is higher than any other country in the Asia Pacific region, and more than the global average [27%].

Of those surveyed, 74% indicate that COVID has proven to be a catalyst for long-awaited approvals on security upgrades that can help identify and mitigate ransomware threats. The report also finds that more cybersecurity experts in Australia are more concerned about ransomware attacks due to COVID-19 [80%], which is more than the global average of 71%.

Australian organisations are also increasingly concerned about nation-state attacks in the wake of COVID-19 [62%], with 71% believing that nation-state sponsored attacks will pose the single biggest threat to organisations like theirs in 2021. In fact, more than eight in ten [82%] believe that attacks from China and Russia specifically pose a clear and present danger to Australia, and that growing international tensions will result in an increased likelihood for state-sponsored attacks [88%] due to increased motivation [85%].

2020 has certainly been a turbulent year and what with a strained trade relationship with China, the ongoing battle against COVID-19, a move to remote working and growing rates of employee burnout, cyber attackers are more motivated than ever to exploit organisational vulnerabilities.  

While over half of [59%] of Australian organisations report that COVID-19 has accelerated their digital transformation efforts by at least six months, 63% also state that COVID-19, along with the onset of remote working and lockdowns have made it harder for their organisation to prevent cyber attackers from reaching their objective. Australian organisations have also reported taking much longer than the global average to detect a cybersecurity incident – 140 hours versus 117 hours global average, with 61 per cent finding it even more difficult now to hire cyber security professionals than it was 12 months ago.

“The stream of high-profile ransomware attacks on Australian businesses in the last 12 months along with the growing complexity from ongoing remote working caused by the lingering pandemic as well as geopolitical tensions, should encourage all Australian businesses to get smart about cybersecurity,” said Michael Sentonas, Chief Technology Officer at CrowdStrike.

“It is critical that every business, regardless of size has a focus on cyber security, resiliency and privacy, not only for the sake of the business itself, but as a matter of protecting the economy, national security and the safety of all Australians as a whole.”

The CrowdStrike survey was conducted among 200 senior IT decision-makers and IT security professionals across Australia’s major industry sectors.