Governments vulnerable to cyber-attacks, warns report


The Australian government’s high-profile cyber-security strategy has failed to make a dent in tactical planning, according to a new report by the Australian National University.

Despite the mantra of cyber-awareness, cyber-security is not high on the list of priorities for government, a recent report by the Australian National University (ANU) has warned.

This report, Weakest links and the Threat to Medium-sized Enterprises, has noted that knowledge of cyber risks is still inadequate.

The report was prepared by the ANU’s Dr Tim Legrand, National Security College, together with the Macquarie Telecom Group.

Currently, cyber-crime is the second most-reported economic crime, affecting 32 per cent of organisations. The cost to the Australian economy is estimated at $17 billion annually.

Among the government respondents polled during an ANU survey, 41 per cent acknowledged that executive teams and boards had poor or limited knowledge of cyber-risks.

No agency reported reviewing cyber-risk management monthly or weekly. “This contrasts with private business, where 31 per cent review cyber-risk management at least monthly. This reinforces the possibility that the culture of cyber security is not yet mature.”

Among the concerns, digital vulnerabilities cause considerable reputational damage. This was highlighted by cyber-attacks affecting the Australian Bureau of Meteorology, Yahoo, Sony and the Australian Bureau of Statistics.

The Commonwealth has committed to $230 million over four years to counter cyber-attacks. This funding is earmarked under the high-profile 2016 Cyber Security Strategy.

However, wider research involving governance suggests that boards have little awareness about the digital threats.

One survey found that more than 90 per cent of corporate executives said they cannot read a cyber-security report, and are unprepared to handle a major attack.

Additionally, 60 per cent of all attacks have targeted small and medium-sized businesses. Medium-sized enterprises pose a weak link in the chain.