Deloitte establishes Cyber Intelligence Centre in Australia to link to its global network
Risks are evolving faster than business can react and businesses needs to transform their thinking about cyber security
4 February 2015: The threat to Australia’s cyber security is growing in severity according to global professional services firm Deloitte. “The average cost of a data breach per Australian organisation is more than *$2.5 million per year …and rising,” says Deloitte Cyber Risk Services Partner Tommy Viljoen. He pointed out that: “The average breach involved more than *20,000 records in Australia over the five years to 2014. And there was also a 25% increase in data loss between 2013 and 2014 globally.”
Viljoen added: “Given there is no legislation for breach notification in Australia and that most organisations are focussed on prevention as opposed to detection, there is significant under-reporting of cyber breaches in Australia.”
James Nunn-Price, who joins Deloitte in Australia this week, to lead Cyber and establish the Australasian arm of Deloitte’s chain of Cyber Intelligence Centres, explained that: “Cyber risks are a result of dynamic targeted threats. On an industrial scale they are focused at the digital assets, operations and information of the organisation. Both complex and severe, these risks are evolving faster than business can react.”
The national Cyber Intelligence Centre will link in with Deloitte’s existing Cyber Intelligence Centres in the UK, Europe, Canada and the United States.
Nunn-Price established the Cyber Intelligence Centre concept, overseeing its implementation in the UK in 2013 and its 24x7 services to clients. He was responsible for Deloitte’s overall information security, resilience and cyber advisory services to the UK Government, also personally assisting the London 2012 Olympic Games leadership team with cyber incident response, crisis management and forensics.
Nunn-Price was joined at the Cyber Intelligence Centre launch in Australia by Deloitte cybersecurity global leader, Kelly Bissell. Bissell who leads Deloitte’s global cyber practice said: “Our role is to help business better protect their critical assets against known and emerging threats across the ecosystem. We help them monitor and watch out for any pre-emptive threats, so they both detect and protect themselves against both known and unknown adversarial activity.
“It’s all about being secure and vigilant,” he said. “…and being sufficiently resilient to recover when incidents do occur.”
Australia’s Viljoen added: “In Australia businesses need what we term, ‘actionable intelligence’. They need to transform how they think about cybersecurity - building ever more secure environments and ever higher firewalls no longer works. The cyber-criminals are already on the inside. Knowing what’s happening, and working on the basis of having already been attacked, and preparing for even more complex and often apparently ‘insider’ attacks to happen again, is what’s now needed. It is transformational.”
Nunn-Price said: “Ninety two per cent of breaches are perpetrated by outsiders. These known external perpetrators come from organised crime (55%), state affiliated hackers (21%), activists (2%) and former employees (1%). Only 14%*** of breaches are by insiders, but this is rising**.
“More than three quarters of the breach incidents are caused by weak or stolen credentials. With rogue hardware and malware also frequent causes of breach or service denial. It is therefore important for all employees, contractors and suppliers to be aware of how criminals are targeting them with their well-planned attacks, often triggered by ‘apparent insiders’ who are already lying in wait within the organisation, ‘like cockroaches’.”
The global average number of breached records
The above graph shows that the average global cost of data breaches per organisation in Australia has increased almost three per cent in one year.
“Cloud computing, the world’s Internet of Things phenomenon – where each digital device is interconnected – the blurring of the personal and professional, and the ‘always-on’ nature of the internet, means costs associated with breaches are likely to continue to rise each year. So it is critical that organisations ensure their cybersecurity effectiveness,” Viljoen said.
“Add to this Deloitte Reputation@Risk research that shows there is an 80% chance of a company losing at least 20% of its value (over and above the market) in any single month due to reputation loss from the impact of a crisis – whether that be a cyber-breach or another disaster. These stats mean that cyber-security breaches are becoming top of mind for business leaders along with reputational risks.”
Deloitte/Forbes strategic risk research shows that regionally, the biggest impact of technology enablers and disrupters on established business models was in the Asia Pacific (including Australia), where 98% of respondents report having changed their business strategies. “We need business leaders to make sure they are sufficiently informed about the state of cybersecurity within their organisations. With new business models and corporate restructuring, new customer service and sales models, new sourcing and supply chain models, and inherently new applications and mobility tools, business leaders need to be able prepare for, respond to and recover from growing threats,” said Mr Viljoen.
The Cyber Intelligence Centre will link into the recently established Australian and South East Asian arm of the Deloitte global Centre for Excellence for Crisis Management.
** Source: 2014 Verizon Data Breach Investigations Report with the U.S. Secret Service, FBI, Deloitte, DHS and others
*** number overlap because some insiders and outsiders are in collusion
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/au/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte has in the region of 200,000 professionals, all committed to becoming the standard of excellence.
About Deloitte Australia
In Australia, the member firm is the Australian partnership of Deloitte Touche Tohmatsu. As one of Australia’s leading professional services firms, and winner of both the Australian Financial Review/CFO Audit Firm of the Year and Accounting Firm of the Year awards 2013, Deloitte Touche Tohmatsu and its affiliates provide audit, tax, consulting, and financial advisory services through approximately 6,000 people across the country. Focused on the creation of value and growth, and known as an employer of choice for innovative human resources programs, we are dedicated to helping our clients and our people excel. Formore information, please visit Deloitte’s web site at www.deloitte.com.au.
Liability limited by a scheme approved under Professional Standards Legislation.
Member of Deloitte Touche Tohmatsu Limited
© 2015 Deloitte Touche Tohmatsu