Businesses are often not confident their systems are protected from sophisticated cyber criminals and many aren’t sure their data breach response plan meets requirements, a Gallagher Australia report has found.

“Cyber threats dramatically escalated in 2020 and this negative trend has continued into the first quarter of 2021,” Gallagher says.

“While politically motivated strike forces mount attacks against institutions and government organisations, the most common threat is from ordinary hackers managing to stay one step ahead of both business and regulators, which has been overwhelming for some organisations.”

The 2021 Gallagher Australia Cyber Insights Report reflects more than 600 survey responses from organisations and looks at key risk areas as well as prevention and protection.

“Cyber exposures are constantly and quickly evolving and the cyber risk management journey is continual with no end in sight,” the report says.

Only 45% of 415 respondents are confident their employees receive regular cyber security training, while half are confident or extremely confident their remote workforce uses the same security protocols and procedures as they would in the office environment.

The report highlights that cyber criminals will often look for vulnerabilities in a vendor’s security systems as a way of getting into a target’s network, since supplier networks can be comparatively more vulnerable.

But only 28% of respondents are confident their third-party suppliers would have sufficient insurance to cover cyber breach costs.

When it comes to having a data breach response plan or cyber incident response plan that meets business and regulatory requirements, 8% say they are extremely confident, 20% confident, 34% somewhat confident, 24% not so confident and 14% not confident at all.

Only 43% say they are extremely confident or confident that their business has sufficient insurance to cover the associated costs of a cyber incident.

“The main motivation for any business owner or leader to manage cyber risk is the consideration that a cyber incident is perhaps inevitable in our current digital landscape, regardless of the level of confidence you may have in your cyber security posture,” Gallagher says.

The report says many clients enhance their cyber security, risk management and protection as a result of having been the victim of an incident and suffering anything from reputational damage to financial devastation caused by data loss or breach.