With ransomware attacks more prevalent, the cyber risk landscape is becoming increasingly threatening. 2020-21 saw a 15 per cent increase in ransomware-related cybercrime compared with the previous financial year, as reported in the Australian Cyber Security Centre’s (ACSC) Annual Report.
During 2020-21, the ACSC responded to nearly 160 cyber security incidents related to ransomware.
Many organisations interviewed by MinterEllison said they had received additional budget to mitigate a ransomware attack – though few had developed a ransomware-specific playbook to implement should one occur.
Board awareness and education are also a primary concern as the risks escalate and the stakes become higher. New laws impose onerous regulatory obligations on organisations across many sectors of the economy – particularly financial services organisations. Within that context, board members are increasingly exposed – both legally and reputationally – if they are not making informed and proactive decisions to manage cyber risk.
On top of these concerns, Australian organisations are finding it difficult to fill specialist cyber security roles. Finding qualified and experienced IT security personnel continues to be a significant challenge, exposing under-resourced organisations to additional risk.
Cyber insurance is becoming increasingly difficult to obtain – and is not a panacea.
Technology and information security leaders noted cyber insurance is becoming increasingly expensive and its coverage more limited – both in terms of the extent of policy exclusions and the lower available limits. Leaders recognise cyber insurance is not (and has never been) a panacea for cyber risk. They must continue to take proactive steps to strengthen their cyber resilience.