NewsBite

Deny cyber hackers a return

Medibank chief executive David Koczkar has made the right decision not to pay ransom to the criminal or criminals behind the data theft that has affected 10 million current and former policyholders. The principle is similar to the decades-old practice of responsible governments, which do not negotiate with terrorists.

Customers deserve privacy, as Mr Koczkar says. But paying extortion would be unlikely to help. It might even leave customers worse off, making Medibank and other Australian companies even bigger targets. A report last year by international IT security company Sophos found as few as 8 per cent of companies in 30 countries that had paid a ransom retrieved all their stolen data.

Medibank’s response is consistent with government advice. The Australian Cyber Security Centre, in line with most governments around the world, advises companies and other organisations not to pay ransoms demanded.

“There is no guarantee cybercriminals will decrypt files once the ransom is paid and there is a chance that files may not be recoverable,” the ACSC warns. “The link provided to the victim directing them to information about payment and contacts may inadvertently install further malware on to the victim’s system or network. Payment of a ransom demonstrates a willingness to give in to criminal demands. The willingness of Australian organisations to pay ransoms can perpetuate further criminal activity and may result in unnecessary diversion of investments away from the Australian economy.”

Cyber hacking is an international issue that warrants action by the G20 and other multilateral bodies, as well as by security sources in Australia. A recent survey of more than 1000 IT professionals around the world, including in Australia, by cyber security company Mimecast, found one in five had been asked to pay between $500,000 and $999,999 for the return of information, with 13 per cent asked to pay $1m to $2m. The problem must be tackled more rigorously at local and global level.

Cyber security companies nominate the lack of highly skilled IT professionals as a significant part of the problem Australian organisations face in protecting data. A recent survey of IT leaders in large companies by cyber security company Rubrik found that 96 per cent of those in Australia were concerned they would not be able to maintain business continuity if they were hit by a cyber attack in the coming year. Such findings reinforce the importance of specialist training and skilled immigration.


Original URL: https://www.theaustralian.com.au/commentary/editorials/deny-cyber-hackers-a-return/news-story/03308790791f765cd8a2ca04eb371dac