Businesses in Australia are losing as much as AU$649m (US$514m) due to computer security breaches, according to a new report.
The Australian Institute of Criminology estimates that the cost of fighting IT security breaches cost between AU$595-$649 million in the 2006-07 financial year and that each security breach costs large businesses, on average, more than $49,000.
The report, titled ‘Australian Businesses Assessment of Computer User Security (ABACUS)’, surveyed 4,000 small, medium and large businesses across various sectors between February and April last year into their current IT security procedures and found that 14% of those surveyed had suffered from at least one breach.
The report put the average cost of a security breach at $2431 for a small business, rising to $12,405 for medium sized businesses and $49,246 for large organisations.
Institute criminologist Dr Russell Smith says the most common attacks were not targeted, but involved general methods such as viruses, spyware and phishing.
“We found that there was a generalised level of attacks across all industry sectors and all sizes of business, so I think that’s largely due to the way a lot of the attacks are disseminated, they’re non-discriminating, really looking at anyone who’ll respond to the invitation, such as with phishing attacks,” he said.
More than 85% of organisations claimed to use some form of IT security process, most commonly antivirus software with the estimated collective spend by Australian businesses on IT security being put at between $1.37 billion and $1.95 billion.
Despite this, Dr Smith claimed that it was surprising how little businesses understood about computer security.
“I think people who are running computers in their businesses really do need to take some steps to get some expertise and understand what they are doing, and particularly make use of the available security measures that are out there,” he said.