2020 Cyber Security Survey

How COVID-19 has shaped the cyber security landscape

In 2020, there was a global shift in the way organisations do business. Conversations turned digital, social distancing became the norm, and technology replaced paper.

Most industries had to adapt to survive, in one way or another, through the COVID-19 pandemic. Digital progress expected to take years occurred in months, bringing cyber security to the fore.

Our 2020 BDO and AusCERT Cyber Security Survey sought to identify the finer details of these digital shifts and find out whether business leaders had changed their cyber security priorities.

For the fifth year in a row, we surveyed organisations across Australia and New Zealand, allowing us to clearly unpack the COVID-19 pandemic’s impacts on cyber - detailing significant shifts in the way organisations are impacted by, and responding to, evolving cyber threats.


Shifting attitudes to cyber

Our survey results showed a definite change in attitudes amongst organisational leaders when it came to cyber security preparedness. COVID-19 was a ‘cyber reality check’.

Many organisations responded to the pandemic’s impacts by investing in IT and cyber controls to manage the risk introduced by the rapid adoption of cloud and remote working solutions. Yet, even the leaders of these organisations quickly realised they weren’t as prepared for cyber risk as they thought they were. As a result cyber risk reporting to boards rose significantly to meet the demand from leaders for greater insight into their organisation’s cyber security landscape.

Having weathered the height of the COVID-19 experience in Australia in New Zealand, many respondents now recognise that cyber security is not a set-and-forget issue, but instead it requires constant oversight, investment and improvement to manage risks. COVID-19 emphasised that cyber is a business imperative, not just an IT issue.

This reality check is what the industry needed, because it was likely a key factor contributing to the significant increase in cyber controls adopted by respondents during 2020. Unfortunately, many respondents were still overconfident and underprepared when it came to managing their cyber risk, making them susceptible to attack.


Evolving threats

Each year we identify the top five controls organisations invest in.  This year, respondents who implemented those top five controls experienced almost a third fewer incidents than those without, and they were more likely to report complete alignment between their cyber capability and business strategy.

Industries also had to be flexible in how they operate. With more people working from home than before, it’s no surprise the types of incidents experienced have changed, with data breaches doubling and ransomware on the decline compared to the previous year.

Respondents indicated a significant increase in data breaches caused by malicious hacking and accidental disclosures by staff, which can be attributed to IT support challenges during remote working and a lack of preparedness for increased cyber attacks during the COVID-19 pandemic.


Foreign interference

The Australian Government’s 2020 Cyber Security Strategy highlighted the threat of foreign interference and state sponsored cyber attacks. Respondents indicated that nation state attacks remained active, with these attacks rising since last year and doubling since 2016. In 2020, respondents saw more suspected nation-state activity than ever before.

Given the increased interest from foreign governments, our supply chains are at greater risk, especially for those respondents who were not cyber-ready before COVID-19. These findings highlight the importance of conducting third party risk assessments to build resilience through our supply chains, something that has been a driving factor in the Australian Government’s push to secure our critical infrastructure sectors.


Adaptation is key to winning the battle

With the COVID-19 pandemic continuing to present a range of unique challenges, the cyber risk landscape will continue to change.  Business owners and leaders need to stay on top of the cyber risks within their organisations and implement appropriate strategies to mitigate these. 

The 2020 Cyber Security Survey Report is a valuable tool that marks the first step in helping your organisation stay ahead of the curve. It allows you to benchmark your approach against industry peers, by equipping you with trend data to assess your organisation’s strength and weaknesses.