Following recent high profile data hacks on Optus and Medibank, industry leaders discussed their cyber security concerns at a lunch hosted by BDO and The Courier-Mail during Scams Awareness Week.

Aussie real estate agency Harcourts reveals names, addresses possibly compromised in cyber attack

Flybuys will raise its cyber security spend as hackers attack businesses

Russian hackers behind Medibank cyber attack release thousands more records

This year’s Scams Awareness Week campaign urged Australians to learn how to identify scams following more than $2 billion in reported losses last year. That number is expected to reach $4 billion this year, according to the ACCC’s Scamwatch.

Over the past 18 months, Brisbane-based Escalate Consulting has seen a spike in the number of Australian companies seeking out cyber awareness training.

“More than 90 per cent of boards and executive leadership teams have asked to do cyber related exercises, to the extent where we have a couple planned for early next year,” Escalate Consulting Associate Director Briony Morgan said.

“That’s where we’re seeing a lot more interest from executive teams and boards, is this acknowledgment that cyber attacks are happening and that they’re going to happen regardless of the security system or how mature it is.”

Ms Morgan said some of the exercises also revealed a need to improve funding for IT departments within companies.

“One of the interesting outcomes of some of the exercises is it’s highlighting this absolute gap in understanding and awareness of what exists, and often as an outcome of one of those exercises (it) might be let’s focus on this now,” she said.

John Chan, a risk and audit specialist with energy company Bravus, said in his experience, funding for IT departments needed to be improved.

“The head of IT, CIOs et cetera want funding and they want certain things to be done in order to improve the security posture,” he said.

“The focus is always about dollars because when it goes to the CFO, the first question is do we have the budget? What is this for? Do we really need it?.”

“IT, especially from what I have seen in previous roles, seems to be put down to the very bottom.”

Improvements to IT funding could put Australia in a better position to improve the monitoring of cyber systems.

BDO National Leader for Cyber Security Leon Fouche said in North America organisations tended to have a lot more funding available to better monitor their systems.

“Australian organisations do not have access to the same fundings as North American organisations,” he said.

“I have already seen an increase interest from Company Boards following the recent data breaches which will result in more funding being allocated to IT departments to provide better protection.”

For non-IT and small businesses relying on outsourcing to off-site providers, the success of this service depends on the provider’s activity.

“You’re relying on them to regularly check that those security services and backups are a) occurring and b) they’re fit for purpose and not corrupted or otherwise problematic,” BDO Forensic Services partner Stan Gallo said.

“It’s difficult particularly for companies that aren’t IT focused (because) you’re focused on your business, you outsource to providers to assist and when that activity is unsuccessful, you suffer as well.”

The leaders also recognised the demand for a future workforce with the necessary cyber skills.

“The other issue is the number of skilled and experienced people that will be needed in this sector in the future,” Lander and Rogers partner Vince Rodgers said.

“(Around) 30,000 will be needed in this sector over the years to come. Where will they come from? And what are the skill sets that they need?”

Mr Fouche said upskilling might be a way with “1,800 new roles created in cyber security per annum”.

“We need to keep in mind that people are also retiring or leaving the industry (and) you don’t get new people entering the market to make up the 1,800 new roles create every year,” he said.

“Our migration has slowed down so we don’t have access to that many skilled people coming in. I think it will now be more important than ever before for organisations retraining some of the skill set we’ve got.”