Cyber crime

Cyber attacks are CEOs’ biggest fear – but are they scared enough?

photo of niek dekker
Niek Dekker
4 Min
Worried CEO contemplates cyber attack

We’ve all had the ‘3am thought,’ the nagging fear that keeps us awake in the middle of the night. 

For CEOs, it’s the thought of cyber attacks that’s keeping them up. 

Australia’s corporate leaders – including those from top companies like BHP, Commonwealth Bank, and Wesfarmers – have unanimously identified cyber threats as the principal external threat to their operations. This was one of the biggest takeaways from The Australian’s 2024 CEO Survey, which distils insights from over 80 leaders across various sectors and provides a snapshot of corporate leaders’ priorities heading into 2024. 

The unfortunate reality is that leaders should be worried. But will that fear translate into meaningful action in the new year? It hasn’t always. 

Well-founded fears: the growing threat of cyber attacks

Data tells us that leaders are right to be afraid of a cyber incident. The latest threat report from Australian Signals Directorate found that Australians face a cyber attack every six minutes – an increase from the previous year – while businesses lose hundreds of millions of dollars to scams like business email compromise (BEC). And ransomware attacks can have ramifications that extend well beyond financial losses, including permanent reputational damage and regulatory investigations that can drag on for years.

Recent cyber incidents involving major firms such as Optus, Medibank, and Latitude Financial affected millions of customers and have underscored the enormity of this threat. Cybercrime, now a multibillion-dollar industry, poses significant financial costs and continues to escalate with the involvement of offshore criminals.

These threats show no sign of abating in 2024. Dark web marketplaces are seeing a boom in users, with fraudsters peddling corporate user credentials and financial information for paltry amounts of money. And this year saw the addition of newly hot commodities: malicious AI tools, similar to ChatGPT but specifically designed to facilitate illegal activity.

Finance leaders share CEOs’ cyber concerns

A recent Eftsure survey found similar fears among finance leaders, revealing that 90% of finance leaders see cybercrime as a growing issue. And a whopping 98% of CFOs say it’s a growing threat. When asked about undetected fraud in their own organisations, a majority (60%) say they’re concerned about it.

Another reason to worry? Very few were clear on who owned digital fraud prevention or accounting software integrity in their organisations. Since most cybercrime is financially motivated, finance and AP teams have a critical role to play in protecting businesses from the fallout of cyber incidents. Yet many are skipping key anti-fraud controls – including a quarter of small businesses skipping all anti-fraud control procedures entirely.

Even if your organisation has strict security procedures and defences in place, do all of your suppliers? Does every small business within your supply chain?

Cybercriminals’ resourcefulness and growing arsenal of tools aren’t the only factors that should worry you – the interconnectedness of business security and the opacity of many of your partners’ security protocols should also have you thinking harder about your vulnerabilities in 2024.

Defensive strategies: corporate responses to cyber risks

In response to these growing threats, leaders like Judo Bank’s Joseph Healy and Insurance Australia Group’s Nick Hawkins emphasise the importance of internal vigilance and robust cyber and data security controls. However, they acknowledge that the risk remains, often exacerbated by vulnerabilities in supply chains.

Meanwhile, the federal government’s national cybersecurity strategy aims to uplift Australia’s cyber resilience over the next six years. But many of these measures are staggered over several years, and some are long-term solutions whereas businesses need to find solutions for protecting themselves right away.

Beyond cybersecurity: a new age of uncertainty

While cybersecurity dominates concerns, Australian CEOs are also wary of geopolitical and trade issues. BHP’s Mike Henry and UBS Australia’s Anthony Sweetman point to global economic downturns, inflationary pressures and geopolitical instability as significant external threats.

Executives like Woodside’s Meg O’Neill and Coles’ Leah Weckert also highlight challenges posed by the regulatory environment and supply chain disruptions. The pandemic and extreme weather events have revealed Australia’s susceptibility to supply chain shocks, but the general uncertainty and unpredictability make it difficult for businesses to strategise accordingly.

The bottom line is that there’s a lot that sits outside of leaders’ control. You can’t control extreme weather events or tragic geopolitical upheaval abroad, but you can control which steps you take to mitigate cyber risks.

A need for collective vigilance

The collective voice of Australia’s corporate leadership in the 2024 CEO Survey is clear: cybersecurity stands as the most pressing concern, requiring both internal vigilance and broader structural changes to address an ever-evolving threat.

For finance leaders, that means considering the importance of collaborative cybersecurity – by that, we mean cross-functional approaches that embed security solutions into every process. We know from Eftsure data that many finance teams aren’t using key anti-fraud control procedures, for instance. Meanwhile, only half are working with IT or security teams to close the gaps between their cybersecurity strategy and their financial processes.

Now that 2023 is coming to a close and cyber threats are poised to be more dangerous than ever, will you be content to stay awake worrying about these risks? Or will you be losing even more sleep if and when the worst finally happens?

Cybersecurity Guide for CFOs 2024
Ready to take action?
AI is creating urgent new financial risks, but this year's edition of the Cybersecurity Guide for CFOs can help you understand generative AI risks and how to protect your organisation. Get your copy today.

Related articles

The new security standard for business payments

End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.