2020 Cyber Security Risk Report

The 2020 Cyber Security Risk Report demonstrates the breadth and depth of our collective understanding of cyber risk across Aon. In it, we focus on the unexpected ways that cyber risk impacts clients, in six areas: Intellectual Property, Mergers and Acquisitions, Retirement, Executives, Computer Crime and The Corporation. Our experience allows us to see the entire puzzle and how the pieces fit together. As such, part of the report provides a playbook for each highlighted risk to help organisations “solve” the ever-more-complex puzzle that is cyber risk.

In Australia, three key cyber risks have been identified for 2020:

Retirement (superannuation funds)

The Royal Commission into Misconduct in Banking, Superannuation and Financial Services Industry and recent APRA and ASIC findings into recent conduct risk, the ever-increasing fear and uncertainty around cyber risk and technology failures, the rising number of litigation funded class actions, and increased competition from disrupters are combining to create a perfect storm of internal and external risks for financial institutions.

Further to this is the sheer amount of personal and sensitive data held by super funds and which are a gateway to vast sums of money. These plans are increasingly accessed from online platforms and mobile devices and thus are also susceptible to breach.

Computer crime

Cybercrime is on the rise globally. Statistics gathered in the US show internet-enabled theft, fraud and exploitation remain pervasive and were responsible $2.7 billion in financial losses in 2018.

While geographically isolated, Australia is just as exposed.

Potential direct economic loss of cybersecurity incidents on Australian businesses could be as much as AU$29 billion per year, the equivalent of almost 1.9% of GDP.

Intellectual property

Theft, misappropriation or infringement of intellectual property poses a significant and growing risk in Australia. Australian organisations should audit and value their intangible assets, and there is currently no Australian accounting standard that comprehensively addresses the accounting treatment of IP in Australia, opening businesses to risk in this area.