We’ve all had the ‘3am thought,’ the nagging fear that keeps us awake in the middle of the night.
For CEOs, it’s the thought of cyber attacks that’s keeping them up.
Australia’s corporate leaders – including those from top companies like BHP, Commonwealth Bank, and Wesfarmers – have unanimously identified cyber threats as the principal external threat to their operations. This was one of the biggest takeaways from The Australian’s 2024 CEO Survey, which distils insights from over 80 leaders across various sectors and provides a snapshot of corporate leaders’ priorities heading into 2024.
The unfortunate reality is that leaders should be worried. But will that fear translate into meaningful action in the new year? It hasn’t always.
Data tells us that leaders are right to be afraid of a cyber incident. The latest threat report from Australian Signals Directorate found that Australians face a cyber attack every six minutes – an increase from the previous year – while businesses lose hundreds of millions of dollars to scams like business email compromise (BEC). And ransomware attacks can have ramifications that extend well beyond financial losses, including permanent reputational damage and regulatory investigations that can drag on for years.
Recent cyber incidents involving major firms such as Optus, Medibank, and Latitude Financial affected millions of customers and have underscored the enormity of this threat. Cybercrime, now a multibillion-dollar industry, poses significant financial costs and continues to escalate with the involvement of offshore criminals.
These threats show no sign of abating in 2024. Dark web marketplaces are seeing a boom in users, with fraudsters peddling corporate user credentials and financial information for paltry amounts of money. And this year saw the addition of newly hot commodities: malicious AI tools, similar to ChatGPT but specifically designed to facilitate illegal activity.
A recent Eftsure survey found similar fears among finance leaders, revealing that 90% of finance leaders see cybercrime as a growing issue. And a whopping 98% of CFOs say it’s a growing threat. When asked about undetected fraud in their own organisations, a majority (60%) say they’re concerned about it.
Another reason to worry? Very few were clear on who owned digital fraud prevention or accounting software integrity in their organisations. Since most cybercrime is financially motivated, finance and AP teams have a critical role to play in protecting businesses from the fallout of cyber incidents. Yet many are skipping key anti-fraud controls – including a quarter of small businesses skipping all anti-fraud control procedures entirely.
Even if your organisation has strict security procedures and defences in place, do all of your suppliers? Does every small business within your supply chain?
Cybercriminals’ resourcefulness and growing arsenal of tools aren’t the only factors that should worry you – the interconnectedness of business security and the opacity of many of your partners’ security protocols should also have you thinking harder about your vulnerabilities in 2024.
In response to these growing threats, leaders like Judo Bank’s Joseph Healy and Insurance Australia Group’s Nick Hawkins emphasise the importance of internal vigilance and robust cyber and data security controls. However, they acknowledge that the risk remains, often exacerbated by vulnerabilities in supply chains.
Meanwhile, the federal government’s national cybersecurity strategy aims to uplift Australia’s cyber resilience over the next six years. But many of these measures are staggered over several years, and some are long-term solutions whereas businesses need to find solutions for protecting themselves right away.
While cybersecurity dominates concerns, Australian CEOs are also wary of geopolitical and trade issues. BHP’s Mike Henry and UBS Australia’s Anthony Sweetman point to global economic downturns, inflationary pressures and geopolitical instability as significant external threats.
Executives like Woodside’s Meg O’Neill and Coles’ Leah Weckert also highlight challenges posed by the regulatory environment and supply chain disruptions. The pandemic and extreme weather events have revealed Australia’s susceptibility to supply chain shocks, but the general uncertainty and unpredictability make it difficult for businesses to strategise accordingly.
The bottom line is that there’s a lot that sits outside of leaders’ control. You can’t control extreme weather events or tragic geopolitical upheaval abroad, but you can control which steps you take to mitigate cyber risks.
The collective voice of Australia’s corporate leadership in the 2024 CEO Survey is clear: cybersecurity stands as the most pressing concern, requiring both internal vigilance and broader structural changes to address an ever-evolving threat.
For finance leaders, that means considering the importance of collaborative cybersecurity – by that, we mean cross-functional approaches that embed security solutions into every process. We know from Eftsure data that many finance teams aren’t using key anti-fraud control procedures, for instance. Meanwhile, only half are working with IT or security teams to close the gaps between their cybersecurity strategy and their financial processes.
Now that 2023 is coming to a close and cyber threats are poised to be more dangerous than ever, will you be content to stay awake worrying about these risks? Or will you be losing even more sleep if and when the worst finally happens?
Everything you need to know about the ClubsNSW data breach and how to protect yourself, your loved ones and your business.
How can you minimise insider threats without compromising culture? Find out 5 ways to do exactly that.
Crypto scams refer to any fraudulent practice in the cryptocurrency space aimed at tricking individuals into investing or giving away assets or …
End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.
