'

Business interrupted: Telstra reveals Australia's security breach impact

Nearly a quarter of Australian organisations have suffered an interruption to their business due to an IT security attack or breach over the past 12 months, according to new research by Telstra.

A study into digital security carried out by Telstra has highlighted the impact to business caused by online security attacks and breaches, with IT and telecommunications, oil and gas, and government sectors among the hardest hit industry sectors.

The Telstra Cyber Security Report 2014 (PDF) found that nearly a quarter of all the organisations surveyed had suffered some kind of business interruption due to an IT security breach during the past 12 months.

When the time frame of review was stretched to five years, that figure climbed to nearly 60 percent, according to Telstra. Additionally, 41 percent of organisations reported that they had detected a major security breach within the past three years.

"However, even those figures tend to understate the scale of the challenge with which organisations are grappling," the report said. "The majority of Australian organisations we surveyed reported that they detected some sort of attempt to breach their IT security on a weekly or monthly basis.

"Notably, every mining company we surveyed said such incidents were a weekly or monthly occurrence," it said.

Telstra said one of its most concerning findings was that of the organisations that had experienced some kind of breach in the past three years, 15 percent did not know it had happened. In cases where an organisation did know the source of the incident, email-borne viruses were the most common, accounting for 45 percent.

The survey also found that a data breach incident was three times more likely to be caused by an employee, a situation which accounted for 27 percent of incidents, while external attackers made up only 9 percent.

That said, 38 percent of organisations reported that their most recent attack was due to cybercrime, with viruses accounting for 31 percent, suggesting that malicious hackers are becoming more active.

The report drew upon analysis of security event data gathered from Telstra infrastructure, security products, and third-party security partners. The company also engaged the services of research firm Frost & Sullivan to understand the security market dynamics.

It found that public image concerns in relation to data breaches among businesses appear to be rising, with 22 percent of the organisations surveyed perceiving damage to reputation to be the greatest risk they would face due to security breaches.

This was on par with concern stemming from productivity losses from such data breaches, and, surprisingly, one percentage point higher than the concern felt among respondents for financial loss arising from data security incidents. Meanwhile, the vast majority -- 80 percent -- of businesses perceived their readiness to respond and mitigate an IT security breach as inadequate.

Given the heightened level of awareness of security online, it comes as no surprise that 84 percent of CEOs, CFOs, and COOs, and -- strangely -- 71 percent of CTOs and CIOs are getting involved in the final stages of decision making of IT security services spending, according to the research.

Telstra recommended that business leaders rise to the security challenge and change corporate culture to ensure that security investments are considered early, often, and at the highest levels of an organisation.

"They must then ensure security investments deliver what the business needs, including assurances of safe operations and brand protection," said the report.