Experts urge Australian businesses to prioritise cybersecurity

ACT NOW OR PAY MILLIONS LATER: PRIORITISE CYBERSECURITY TO PREVENT CATASTROPHIC BUSINESS LOSSES
Australia’s leading cybersecurity experts have sounded the alarm, urging all businesses to prioritise cybersecurity planning in their FY26 budgets and invest in protecting their increasingly valuable data from being accessed by cyber criminals.
The warning from professional services firm RSM Australia comes after a spate of suspected cyber intrusions targeting several small to major Australian businesses, which led to significant financial losses for themselves and their clients, and massive reputational damage.
It also follows recent ransomware attacks on several Perth businesses across financial services, insurance, government and tertiary education industries that severely impacted these organisations’ internal operations including their ability to service customers.
RSM Australia Partner Cyber Security & Privacy Risk Services, Riaan Bronkhorst, who advises companies from his base in Perth, said a cyber-attack occurs every six minutes and can cost many millions of dollars, and that all businesses, regardless of their size, are vulnerable.
“Failing to invest in robust protection now risks crippling your business with losses potentially reaching hundreds of thousands of dollars, even into the millions,” he said.
“Organisations are exacerbating the problem by dragging their feet on cybersecurity investments as our recent research confirmed*, along with IBM’s Cost of a Data Breach Report 2024, which shows that the average cost of a cyber-attack is $4.17 million.
“The delay is reckless and could lead to catastrophic consequences for their businesses, particularly as we are living in a digital age, where cyber criminals are becoming more sophisticated and targeted in their attacks.
“To avoid falling victim to cyber threats there are ways for companies to minimise their risk and protect their sensitive data, and their reputation.”
Here are the top 10 cybersecurity tips from Mr Bronkhorst and the team at RSM Australia to help businesses budget for increased protection and cybersecurity:
1. Encrypt sensitive information
Your valuable personal belongings are protected within your homes under lock and key, so your business and customer data also need protecting from unauthorised access. Defining the different data types within an organisation is also crucial.
2. Run a cyber threat analysis
Undertake a risk or maturity assessment, which involves thinking about all the things that could go wrong and how likely they are to happen, to uncover potential gaps in compliance and operational resilience, and to identify threats and vulnerabilities.
3. Secure supply chains
Know who you’re working with at all times by performing regular vendor and third-party risk assessments/audits on key suppliers, especially those providing IT or cyber security services.
4. Protect your printers
This sounds simple but is often forgotten - enable security in the network they are connected to and enforce password printing to protect important information from ending up in the wrong place.
5. Evaluate crisis arrangements and rehearse incident response plans
Review recovery plans both within your organisation and those provided by vendors to ensure a "backup parachute" is always ready to be deployed in the event of an emergency. Put this to the test with a simulated exercise to identify any system weaknesses.
6. Unmask hidden vulnerabilities
Perform a comprehensive network (e.g., firewall) configuration review to identify and address potential weaknesses in systems. If these security systems aren’t set up correctly, they leave weak security spots, just like leaving doors unlocked, which makes it easier for criminals to steal your information.
7. Review user access permissions
Take a close look at who has permission to access sensitive systems and data to ensure only authorised users have access.
8. Know your obligations
Stay informed, review policies and regulations often and keep an eye on any new regulations that may have come into effect.
9. Assess monitoring tools
Identify if there is a need to upgrade or replace any custom use cases such as laptops, mobile devices, cybersecurity detection services and security operation centres.
10. Empower through education
Upskill users and business leaders with an understanding of Personally Identifiable Information (sensitive data that can identify a person, such as addresses or birthdays), phishing (deceptive emails), vishing (deceptive phone calls) and other social engineering techniques that manipulate people into giving up sensitive information or access online.