Australia’s business leaders rate concerns about cybersecurity risks in 2022 even higher than COVID-19 pandemic impacts, economic volatility or climate change, according to PwC Australia’s 25th CEO Survey.

The survey was conducted in October and November 2021, with COVID-19 and related health risks high on CEOs’ minds, yet they were still 16 percentage points more ‘very’ and ‘extremely’ concerned about cyber risks.

In fact, cybersecurity risk is a key point of difference between Australian and global leaders. Of the more than 4,400 CEOs worldwide who responded to PwC’s Global CEO Survey, only 50% were concerned about cybersecurity risk (compared to 71% of CEOs in Australia). 

Australia’s CEOs are also more concerned that cyber risks could affect their ability to sell products and services (67% compared to 60% of their global peers).

So why are CEOs so concerned about cybersecurity impacting their businesses?

Cybersecurity attacks could cost Australian companies billions

The survey says 2021 was the worst year on record for cybersecurity with the Australian Cyber Security Centre reporting a 13% increase in attacks Year-over-Year (YOY).

“It is a trend that’s likely to continue in 2022. Our economic modelling predicts these attacks could cost Australian businesses around $10 billion annually,” says Rick Crethar, Cyber & Digital Trust Leader, PwC Australia, adding that some of the highest profile cybersecurity breaches in recent years have targeted supply chains. 

Protecting supply chains 

Findings from the latest PwC Digital Trust Insights Survey indicated that this  year Australia’s CEOs are more concerned about vulnerabilities within their supply chains and business partners compared to the previous year - 60% of Australian executives believe third and fourth-party threats will affect their industry in the next 12 months, and 54% said this would have a ‘significantly negative’ or ‘negative’ impact on their organisation. 

Additionally, businesses today operate through an integrated network of supply chains which increases the complexity of detecting an attack, and makes each link in that chain vulnerable to attack. Some of the highest profile cybersecurity breaches in recent years targeted supply chain software, where embedded malware had widespread impact.

“Not only is the rate of cyber-attacks on businesses increasing, cyber criminals are also broadening their reach. If you look back 10 years, criminals primarily targeted financial services, now we are seeing significant risk in the utilities sector and for payroll systems,” says the survey. 

“Protecting businesses and their supply chains requires expertise, with CEOs increasingly recognising a shortage of talent as an important factor in shaping their cybersecurity strategies. CEOs should invest in training and awareness, building cyber capabilities and a cyber savvy workforce in the year ahead,” says Crethar. 

Why should businesses invest in Cybersecurity?

While cybersecurity has traditionally been seen as a cost to business, given the potential impact that a cyber incident can cause to businesses, focusing on cyber resilience should be regarded as an investment. This investment is an opportunity to build greater trust with customers and therefore supporting top-line business growth. 

CEOs in Australia who participated in the survey were concerned that cyber attacks would inhibit their ability to sell products or services. They were also worried that this risk would hold back innovation and growth - 52% of CEOs were concerned cybersecurity risks would impact their ability to innovate through technology and processes, or affect their ability to develop new products and services. 

Greater cybersecurity awareness helps protect a business’s reputation, reduces risks and allows decision makers to focus on future opportunities.