ABS stats show 11% of Aussie businesses suffered security incidents in 2017-18

Meanwhile 46% of Australian businesses said cybersecurity was not at all important.
Written by Asha Barbaschow, Contributor

The Australian Bureau of Statistics (ABS) has published new data on the IT landscape of Australian businesses, reporting that in 2017-18, 11% of those surveyed had experienced some form of internet security incident or breach.

While 71.5% of the 832,000 businesses surveyed said they did not experience some form of internet security incident, 17.7% said they did not know if they had.

Of those who experienced an internet security incident or breach, 37.7% suffered the corruption of hardware or software; 28.7% experienced the corruption or loss of data; 52% experienced downtime of service; 5.6% claimed for web site defacement; 7.5% experienced the theft of business, confidential, or proprietary information; 12.5% reported the loss of income as a result; 32.7% said the incident or incidents interrupted staff productivity; and 16.3% said there was no side effect.

Need to disclose a breach? Read this: Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia

18% of total internet security incidents were reported by the manufacturing and wholesale trade industries.

Further to this, the ABS said in 2017-18, more than half of businesses with 200 or more employees upgraded cybersecurity software, standards, or protocols, representing 52%, compared to 34% of these businesses in 2015-16.

"Cybersecurity, internet security incidents and breaches indicators measure the trust businesses have for online business environments and their capabilities to protect themselves against digital security risks," the ABS wrote.

In 2017-18, 54% of businesses indicated cybersecurity was of some importance to their digital technologies, compared to 47% of businesses in 2015-16.

92% of businesses with 200 or more employees, the ABS said, indicated cybersecurity was of some importance in 2017-18. Overall, 46.2% of Australian businesses said cybersecurity was not at all important.

Of the 832,000 businesses surveyed, 515,000 employed only 0-4 people, 250,000 employed 5-19 people, 62,000 employed 20-199 people, and 5,000 businesses claim over 200 staff.

Construction was the most common business type, accounting for 151,000 businesses; while there were 124,000 businesses classed as being in professional, scientific, and technical services in Australia. The next closest sector was retail, with 72,000 businesses.

According to the ABS data, 42.4% of businesses used paid cloud computing services in 2017-18 -- meaning 57.6% did not.

63.5% of those flagged as information media and telecommunications had taken up cloud services, while the sector with the least cloud use was agriculture, forestry, and fishing, with only 25% of those businesses using cloud.

The main reason for limiting or preventing the use of paid cloud computing services was the risk of a security breach, with 13.3% of businesses concerned they would be hit if they moved to the cloud. 7.9% believe they would have problems accessing data or software if they moved to the cloud, and 3.7% cited the difficulties with unsubscribing or changing cloud computing service provider. High cost of cloud computing services was limiting or preventing 11.1% of businesses from going cloud, while 17.2% said they had insufficient knowledge of cloud computing services.

See also: Cloud computing: As the big vendors get bigger is it time to worry about lock-in?

9.5% said they were uncertain about the location of data, while 5.3% of Australian businesses had uncertainty about the available legal, jurisdictional, or dispute resolution mechanisms.

65.7% said there were no factors preventing cloud adoption.

Cloud technology was flagged as having high importance by 27% of businesses and 34.2% said it was not at all important.

5.2% considered data analytics capabilities to be of major importance and 67.6% considered it not at all important; intelligent software systems was considered not at all important by 67.3%, and as being important by 7.2%.

Internet of things (IoT) was considered as being important by 8.1% of Australian businesses and not at all by 61.5%.

Of those businesses surveyed, 72.3% claim there were no factors that changed business use of IT and/or the internet. Only 2.7% said the loss or reduction of digital skills or capability was a catalyst; but 7.7% said they wanted to enhance digital skills or capability.

A cyber-related incident drove 3.6% of businesses to focus more on IT, a sheer lack of access to digital infrastructure was cited by 7.7%, similarly 4.8% said they wanted improved access to digital infrastructure.

4.8% said competition from new market entrants pushed them into IT decisions, 2.2% said it was access to global markets, and 3.2% said it was the creation of new markets from online communities.

Further information provided by the ABS showed that 97% of Australian businesses have an internet connection, 54% have a web presence, 45% a social media presence, 62% place orders via the internet, and 41% receive orders via the internet.

45.6% of businesses are connected to the internet through DSL, 16.6% through fibre, 8% via cable, 14% have fixed wireless, 12.7% have mobile wireless, and 29% use satellite.

58.5% of businesses do not have automated links between systems, but 26.3% do for payments and invoicing.

The information comes by way of data collected from the ABS' Business Characteristics Survey (BCS).

Previously, statistics were published in three separate releases, but the ABS expanded the scope to cover information from all of the previous releases and has been renamed to Characteristics of Australian Business.


Editorial standards