Parliament House, Canberra
Subjects: Stay Smart Online Week 2015, online safety
Well thank you very much Commissioner. And can I acknowledge, Alastair, for the sensational work that you've done in the brief time that you've been the Children's eSafety Commissioner. And also acknowledge that your remit does expand and go a little broader than your formal title might suggest. So I acknowledge the great work that you've done.
Well, it's a great pleasure for me to formally launch Stay Smart Online Week, where we're really seeking to highlight the importance for businesses and individuals to protect their personal and their financial information.
This week is going to have a particular focus on micro, small and medium size businesses who are understandably time poor. They're busy running their businesses but what that can mean is that they are particularly vulnerable to attack by criminals. And regrettably, criminals do have an appreciation of that vulnerability.
And again, regrettably, as the online economy and online business grows, that does create further opportunities for criminals to seek to steal information, seek to steal data, and seek to disrupt businesses.
That is a function of today's connected world so it's important in a sense that we pause during this week and seek to draw attention to that.
Unfortunately we know that this will be an ever present threat so we do need to be eternally vigilant. And eternal vigilance can involve things that are quite straightforward such as making sure that you have strong passwords, that you're wary of scams, and also importantly, that you make sure that you have security software that is continually updated.
We also have, what I guess you might call, the human factor where individuals who work in particular businesses may not appreciate fully the environment that they're operating in, and some of the vulnerabilities that are there.
Again, the human-factor, employees will sometimes bring and store information from their personal devices to an office device and that can introduce a malware or a virus.
So I do encourage businesses to make sure they put in place security measures to make sure they protect their client and financial information. Very basic measures can make a big difference.
There's some research that's recently been undertaken which I think bears out some of these issues.
The Global Economic Crime Survey conducted by PricewaterhouseCoopers in 2014 indicated that over 33 per cent of businesses in Australia have experienced a cybercrime incident.
Research undertaken by my own Department through Essence Communications earlier this year provided insight into the perception of online security practices and some of the barriers that small businesses face.
Respondents indicated that there is a high awareness of personal identity theft, scams and stolen data (around 90 per cent) and the importance of not clicking on links that might expose them to risks. And while over a third said that they or someone they knew had experienced a scam or phishing, they failed to translate this in a business sense. They failed to take the necessary action to prevent and mitigate this sort of activity.
86 per cent of small businesses recognised the risk of stolen data. However, small businesses are more vulnerable to online information being stolen because they are not taking the action to protect themselves.
Often, they'll believe that they have little online information that is relevant to anyone else. I guess it's a sense of 'who could possibly be interested in me and my business and what it is that we do?' This ignores some of the activities that criminals may take, such as hacking into their system, locking data and demanding a ransom. So it's not just stealing information, it can be in a sense that ransom style activity.
And obviously there's no guarantee that if a business paid a ransom that would get access again, or returned to them, what is theirs.
The biggest perceived impact of cyber-crime is loss of income (54 per cent) followed by damage to reputation (46 per cent), loss of information and data (45 per cent) and loss of clients (39 per cent).
Now, there's a real cost to these sorts of activities. Research conducted by Symantec-Norton estimated in 2013 that the cost of cybercrime to Australia was $US1 billion and increasing.
Research by the Ponemon Institute suggests the indirect costs to Australian businesses as a result of a cyber-attack include business disruption by 40 per cent, 29 per cent on information loss, 29 per cent on productivity loss, 25 per cent on revenue loss, and 4 per cent on equipment damage.
And the average time it takes for a business to resolve a cyber-attack is 23 days, which is a phenomenally big chunk of time, particularly for a micro business, a small business or a medium business.
And if the attack was performed by an insider, employee or contractor, that period of time it takes to resolve the issue rises to 51 days.
The average cost of a cybercrime attack to an Australian business is $276 000 and over half of this cost is on detection and recovery.
Globally, 60 per cent of businesses that experience a cybercrime go out of business within six months of the incident occurring – I'll just repeat that: 60 per cent of businesses that experience a cybercrime go out of business within six months of the incident occurring.
And the most common reasons cited by small business for why businesses don't protect themselves was lack of expertise (46 per cent), lack of budget (44 per cent), lack of time (35 per cent) and no access to IT security specialist (32 per cent).
So the priority for businesses is to focus on delivering their goods and services, absolutely, but that leaves online security neglected, or potential threats not even identified and that's something businesses need to change in their own interests.
Now as a government, we're seeking to do what we can to help, not only through this week, not only 3
through partnerships with other organisations to raise awareness but we have produced the Stay Smart Online Small Business Guide to help those organisations who have low awareness about the things that they need to do.
I should acknowledge that we were assisted in developing the Guide by the ANZ Banking Group, the Commonwealth Bank, the National Australia Bank, Westpac, Australia Post, Telstra and nbn. Thanks indeed to those organisations for their efforts.
The Guide is available online at Staysmartonline.gov.au and it gives me great pleasure to officially launch Stay Smart Online Week and the Stay Smart Online Small Business Guide.
And as I say, we should take the opportunity of this week to pause for a moment to reflect on what it is that we all need to do to protect ourselves online.
Thanks very much.
Luisa Anderson | 0417 309 812 | Luisa.anderson [at] communications.gov.au