Cybercrime: The importance of a chain of command

Key points

  • More than half of Business Radar respondents believe their business is not an attractive target for cybercrime 
  • Ambiguity in responsibility for cybersecurity could leave businesses at risk 
  • With cybercrime on the rise, a practised response plan and communications strategy is critical 

Pitcher Partners' Business Radar report has shown that business leaders may overestimate their organisation's preparedness for a cyber-attack or data breach, potentially leading them to underestimate the risks they face. While cybersecurity is a top priority for most mid-market companies, there is some ambiguity regarding who is responsible for it. 54% of respondents named the IT team as having some responsibility, while 40% named managers and supervisors, 31% named executive leadership, 31% named all employees, and 19% named owners. Surprisingly, only 16% of respondents believed that the company board is responsible for cybersecurity, despite warnings from the Australian Securities and Investments Commission (ASIC). ASIC chairman Joe Longo said at the start of the year: “From my perspective, I see (cybersecurity) as the top of the house, the board of directors level, issue.”

Size doesn’t deter when it comes to cybercrime 

While almost half of those who responded believed their business was not an attractive target, it’s important to note that cyber breaches are on the rise. The Office of the Australian Information Commissioner reported a 26% increase in cyber breaches notified from July to December 2022 compared to the first half of the year. Most of these breaches (88%) involved contact and identity information, which every business holds in vast quantities. 

Outsourcing IT services does not necessarily remove risk for the business, either legally or practically. Even so, 45% of respondents believed that outsourcing IT services reduces risk, and this number rose to 59% among highly confident businesses. This indicates poor awareness of the risks associated with third-party and supply chain security management.

Small businesses may feel that they are ‘small financial fish’ in the cybercrime pond, which can lead to a false sense of security. In practice, they are often targeted because they represent an easier access point to larger organisations in their supply chain. Additionally, they may not be as well defended as larger organisations and hold volumes of highly sensitive data. Therefore, it’s important to have a documented incident response plan in place, with clear processes to contain the breach and remediate the damage.

Proactivity is key, prepare and practise 

Preparing for a cyber-attack should involve a communications plan, as it’s crucial to be able to respond quickly and effectively during a crisis. Businesses should also be aware of their obligations for reporting an incident to the appropriate people in their organisation and to regulatory authorities. Preparing well should also involve workshopping and practising response plans and communication strategies ahead of an actual threat, because arranging one in the middle of a crisis will not allow the business to be responsive. The impact of a data breach can be severe, including exposure of critical data, loss of confidence from investors, class actions by affected customers, and loss of revenue and jobs. The average cost of a ransomware attack globally is now $6.5 million, according to IBM’s 2022 Cost of a Data Breach report, and is rising sharply every year as attacks become more sophisticated.

Prudent business leaders should revisit their cybersecurity plans to ensure they are sound and that people at all levels of the organisation understand their role and responsibilities in case of a breach. Investing in cybersecurity can have a positive impact on a business, protecting it from potential risks and helping it to maintain its reputation and relationships with customers and suppliers.

This content is general commentary only and does not constitute advice. Before making any decision or taking any action in relation to the content, you should consult your professional advisor. To the maximum extent permitted by law, neither Pitcher Partners nor its affiliated entities, nor any of our employees, will be liable for any loss, damage, liability or claim whatsoever suffered or incurred arising directly or indirectly out of the use or reliance on the material contained in this content. Pitcher Partners is an association of independent firms. Pitcher Partners is a member of the global network of Baker Tilly International Limited, the members of which are separate and independent legal entities. Liability limited by a scheme approved under professional standards legislation.
