No matter how prepared they think their business is, the chief executives believe a risk of a crippling attack is real and have highlighted how little control they have as it can unknowingly come from anyone they do business with.

Cyber was the overwhelming response to a question about what keeps chief executives up at night as part of The Australian’s 2024 CEO Survey.

More than 80 leaders from companies including BHP, Commonwealth Bank, Wesfarmers and Woodside were asked about their views on a range of topics from the economy, the energy outlook and reform. The responses represent the most comprehensive snapshot of the mood of corporate Australia heading into the new year.

The Australian will run the series over the next week while a selection of CEO responses will be published over summer.

But it was the constant threat of a cyber attack that CEOs overwhelming nominated as likely to impact or disrupt their business within the next 12 months.

“In truth, my greatest fear – the so-called 3am thought – is the threat of cyber-attacks,” said Judo Bank chief executive Joseph Healy.

“Making sure that everyone within the business is alert to this risk and takes personal responsibility to protect the bank is critical and is something that I am completely focused on.”

Australian business has already seen the fallout from cyber attack in the past 18 months when data stolen from companies such as Optus, Medibank and Latitude Financial affected millions of customers.

Last month the nation’s biggest port operator, DP World, shut down ports across Australia after it too discovered it been hit with an attack. Attempts are expected to become more frequent.

As well as unnerving customers caught up in the attacks, the hacks have had a huge financial cost, and cybercrime is now a multibillion-dollar industry. Because those behind the crime are nearly always based offshore the activity is becoming harder than ever to stamp out.

The prospect of cyber threats, such as data theft and ransomware, presented far greater risks to their businesses than other forms of cyber disruption like terror-linked attacks or spyware.

Insurance Australia Group chief executive Nick Hawkins said his organisation heavily invests in cyber and data security controls, and has multiple layers of defence in place.

“But that doesn’t mean the risk goes away,” Mr Hawkins told the survey.

Paul McKenzie, of healthcare and vaccines manufacturing major CSL, said no matter how well prepared you think you are, the threat of a cyber attack can often be beyond your own control. Indeed a vulnerability can come from a supplier to one of your own suppliers.

“We’ve seen many examples where one company has a breach, but many other people and organisations are affected. The contagion can be a scary thought,” Mr McKenzie said.

Wisetech chief executive and multibillionaire Richard White suggested that government examine the role of cryptocurrencies, as a crackdown would likely help deter cyber criminals from targeting Australian companies.

“Anyone not focused on cybersecurity as a critical need is risking major disruption and reputational damage. No-one is completely impervious,” Mr White said.

Owen Wilson of realestate.com.au owner REA Group said every business should be focused on how the data they collect can impact consumers.

“As we’ve seen this year, anyone can be targeted. Businesses also need to think beyond their own operations to include third-party suppliers in their planning and mitigation of potential exposures,” Mr Wilson said.

All of the major bank bosses ranked cybersecurity at the top of their own external threats list. This is a consistent message from the sector given they collectively face millions of attacks on their systems each week.

At the same time, National Australia Bank boss Ross McEwan said technology was making scams more sophisticated and this was hurting ordinary Australians. Latest official estimates put local losses to tech-based scams at $3bn last year.

“I hear and see of the terrible toll this takes on customers. Multinational criminals are targeting Australians every second of every day,” Mr McEwan said. He said businesses has a role in helping to educate and protect customers from scammers, as well as investing in the latest technology to help minimise the threat.

Beyond cyber, geopolitics ranks high as an external threat to chief executives who oversee export-focused companies.

“We are living in a world of heightened uncertainty,” said BHP chief executive Mike Henry. “And the terrible tragedies and geopolitical instability we have seen across the globe will continue to impact Australia and world trade.”

Mr Henry noted Australia was entering the new year facing a global economic downturn marked by a slower recovery in China, falling growth in the US and Europe, and broad inflationary pressure.

Geopolitical shocks and market conditions were also top of mind of external threats for UBS Australia chief executive Anthony Sweetman.

Woodside chief Meg O’Neill took aim at federal and state governments, arguing the uncertain regulatory environment created the greatest external pressure for companies like Woodside. The oil and gas major, which is involved in talks for a possible merger with smaller rival Santos, was among those caught out in the federal government’s sudden domestic gas price cap last year.

“Businesses need certainty so we can continue to invest and deliver our much-needed products to customers in Australia and around the world, and to ensure we are internationally competitive,” Ms O’Neill said.

Meanwhile, Coles chief executive Leah Weckert said the Covid-19 pandemic and extreme weather events of recent years showed how vulnerable Australia was when it came to getting critical supplies to many parts of the country.

She said the supermarket operator was planning around this, including taking into account the potential for bushfires and heatwaves this summer. Part of this involved putting on additional supplies, as well as storage of basic food and water that were most in demand when natural disasters hit.

Originally published as Cyber shock the one the thing keeping our nation’s CEOs awake at night