Perspectives on Cyber Risk 2023: the real cost of a data breach

4 minute read + PDF  03.05.2023 Paul Kallenbach, Shannon Sedgwick

Our recent survey findings indicate that organisations may be getting complacent with their cyber risk management. However, regulators are upping the ante. Our report explores some new data around cyber risk, and how organisations must take a proactive approach to combat it.

In 2023, MinterEllison conducted its eighth annual survey to assess contemporary perspectives on cyber risk. In both 2022 and 2023, only around half of survey respondents ranked cyber risk as a ‘top 5’ priority.

However, as organisations face increasing exposure and risk as technology evolves, community expectations around data management grow, and regulators increase their scrutiny, organisations that regard cyber risk as a low or medium priority are vulnerable.


When a cyber attack occurs, you could have seconds to protect years of data”
Paul Kallenbach, MinterEllison Partner
Icon block

56% of respondents ranked cyber risk as a ‘top 5’ priority within their organisation

Icon block

62% of respondents said that they were not confident, or only somewhat confident, that their organisation understood what data it stores, where it is stored, and who has access to it

Icon block

52% of respondents said they were not confident, or only somewhat confident, about their organisation’s understanding of its contractual and regulatory obligations in the event of a data breach

Icon block

51% of respondents considered that their organisation had sufficient resources to monitor and respond to its cyber security needs

  • 78% of respondents told us that they have a cyber security incident response plan in place.
  • But only 53% told us that they had assessed their cyber security arrangements against an established framework (such as the NIST Cybersecurity Framework or the ASD Essential Eight).
  • Only 52% told us that test or rehearse this plan regularly (at least annually)

How significant is the cyber threat?

In our report, our experts' advice is clear.


The threat of a cyber incident can no longer be classified as remote or novel. Cyber security and privacy by design must be embedded within the culture and planning of every organisation. Proactive and agile management and response to cyber risk are the new normal.”
Shannon Sedgwick, MinterEllison Consulting Partner

In addition, the financial impact of a data breach is significant. In 2022, the average total cost of a data breach across all industries globally was estimated to be $6.52 million.

Organisations must take steps to:

  • combat cyber complacency and fatigue;
  • elevate cyber security as a top priority; and
  • implement measures to embed a culture of cyber security, including by promoting an understanding of and commitment to mitigating cyber risk across all levels of the organisation.

During our 2023 CPD Legal Studio, Angelene Falk, the Australian Information Commissioner and Privacy Commissioner talked about how organisations should put individuals at the heart of their response to a cyber attack.

How can organisations manage cyber risk?

In Perspectives on Cyber Risk 2023, we examine our survey findings within the context of a rapidly evolving cyber landscape. We offer insights into recent regulatory responses and deliver practical guidance for organisations in preparing for, managing and mitigating high-impact cyber incidents.

Mitigate your cyber risk