Human cost of Australia's ransomware attacks soars

More than half of Australian cybersecurity professionals would feel personally responsible for a ransomware attack, with 3 out of 10 considering leaving their job in the next two years due to stress or burnout, according to new data.

Mimecast’s ‘State of Ransomware Readiness 2022’ report indicates the cost to businesses is rising, with 20% of organisations saying the cost of an attack has reached between $50,000 and $100,000.

“Compounded by Australia’s cyber skills shortage and the number of cyber attacks occurring on our shores, it’s no wonder cybersecurity professionals are facing increasing stress and burnout,” said APAC Chief CTO at Mimecast, Garrett O’Hara.

The human impact of ransomware in Australia

It seems many professionals are reaching their breaking point, with 34% considering leaving their role in the next two years due to stress or burnout.

Cybermindz.org is a global organisation working to improve the mental health of cyber professionals. The company’s founder Peter Coroneos says the numbers are telling.

“These numbers validate what we are seeing globally as we talk to CISOs about the stresses of working in cyber. The factors that drive stress and burnout are well understood within cyber but poorly appreciated outside of it, largely because much of the work is unseen — that is, until a breach occurs, then invariably the cyber team is called to account.

“It’s an unforgiving, thankless role and one where mental health support has become a critical piece of sustaining our defenders. Our shared challenge is how quickly we can bring relief and restoration before more of our peers succumb to the pressure,” he said.

Mimecast’s 2023 State of Ransomware Readiness key findings of the human impact for Australian businesses include:

• 31% experienced an increased number of absences due to burnout following an attack.
• 57% (versus 55% globally) think cyber attacks will bring down part of the critical national infrastructure in their country (eg, utilities, banks, transport, etc) in the next two years.
• 57% would feel very personally responsible in the event of a ransomware attack, up from 54% last year.
• 46% of respondents believe the most effective measure to reduce ransomware attacks is to train employees on how to recognise email threats. This highlights the need for company-wide awareness and accountability.
   

The enterprise impact of ransomware in Australia

While the human toll on cyber professionals in Australia is rising, it’s also impacting enterprises at a higher rate than ever before. The 2022 survey found 40% of organisations are experiencing significant downtime because of ransomware attacks, up from 33% last year.

The number of organisations that have experienced a loss in revenue due to a ransomware attack in the last 12 months is now 41% of those surveyed, with 20% suggesting the cost of an attack (including ransom payment, systems recovery, additional security, additional staff, etc) was in the region of $50,000 to $99,999. For 13% of surveyed organisations, that number was between one and two million dollars.  One in five (20%) of surveyed businesses had been asked to pay between $500,000 and $999,999 for the return of information.

The report also asked how long it would take for businesses to recover from a ransomware attack. Thirty per cent of respondents said it would take one or two  days to return to business as usual. A third (33%) of respondents said they could only withhold for two to five days before sustaining significant financial loss and reputational damage.

More than half (53%) are concerned that their cyber insurance will refuse to pay out for ransoms in the future. This shows that insurance is not the safety net everyone thinks it is — given the recent ruling around Lloyd’s in the UK and Chubb in Australia.

Image credit: iStock.com/mikkelwilliam