The next 'black swan event': ASIC chairman Greg Medcraft says cybercrime is growing significantly. Photo: Ben Grubb
Cybercrime is a systemic risk and could be the next black swan event, the head of Australia’s corporate regulator says, as senior business executives warned companies were not sufficiently prepared for such dangers.
Technological advancements had fuelled a “significant growth” of cybercrime across the world – taking it to an estimated annual cost of $110 billion, the chairman of the Australian Securities and Investments Commission Greg Medcraft said on Monday.
For Australian companies, each attack was estimated to cost $2 million, Mr Medcraft, who was opening the regulator’s annual conference in Sydney, said.
"Cybercrime is a systemic risk and is potentially the next black swan event," Mr Medcraft said, adding that an attack could spread quickly and have a "very dangerous effect" on the financial system.
Mr Medcraft said cyberterrorism attacks such as those by the Syrian Electronic Army were “extremely scary given that we are becoming more and more connected.
“The issue with cybercrime is what you don’t know you don’t know, because it is constantly evolving. You may never avoid it, but it is about being resilient.”
Mr Medcraft also used the forum to repeat ASIC’s call for tougher penalties to combat corporate misconduct, saying they had a "very powerful deterrent effect".
The forum came a month after the Obama administration unveiled its Cybersecurity Framework, a 39-page report on a plan for information sharing between the federal government and public and private critical infrastructure providers.
Mr Medcraft said ASIC would draw from some of the ideas raised in Mr Obama’s proposal, and work with regulators around the world to establish international standards on risk management systems.
A report by accountancy firm PricewaterhouseCoopers this month found that 39 per cent of financial services companies were victims of cybercrime, in contrast to 17 per cent in other industries. But the survey’s authors said they believed the impact of cybercrime was even greater than what was officially reported.
Senior business executives said companies were not doing enough to guard against cybercrime attacks, and that leadership in companies needed to start at the board level.
In January, hackers used malware to infect US retailer Target’s point-of-sale systems and steal credit and debit card information of more than 110 million of its customers. Cyber security firms said the scale and sophistication of such attacks, which also saw American luxury retailer Neiman Marcus hit, were new, and would be difficult to detect and trace.
Tim Phillipps, a global managing partner for Deloitte Analytics and a former ASIC investigator, said the Target case showed that while companies were becoming skilled at collecting data and analysing their customer bases, they were still not particularly strong in securing that information.
Mr Medcraft again touched on the need for tougher penalties for white-collar crime, saying the public expected ASIC to take strong action against wrongdoing. “Often it is a situation where it’s a fear versus greed equation,” he said.