Between January and March 2024, we conducted our ninth annual 'Perspectives on Cyber Risk' survey. Our research gathered insights from a broad cross-section of respondents, including leading CEOs, CIOs, CISOs, legal counsel, compliance and risk managers, across diverse sectors of the Australian economy.

In this report, we consider rapidly emerging AI platforms such as generative AI, whose adoption rates reveal both emergent opportunities and potential vulnerabilities for organisations.

The overwhelming majority of surveyed organisations told us that they are only somewhat confident, or are not confident at all, that their organisation is well-prepared to adopt these new technologies – with 44% of respondents telling us that privacy and cyber risks were their most pressing concern in relation to the adoption of AI.”

Paul Kallenbach, MinterEllison Partner

Organisations must balance the need to innovate and grow in the digital economy with their privacy and data security obligations and responsibilities. A key focus in this year's report is on long-awaited regulatory reforms. After many years of consultation, in 2024 we expect to see significant changes to Australia’s privacy and data protection regime, which will transform the way that personal and other information is required to be governed, managed and protected.

In our 2022 and 2023 surveys, only 56% of the respondents ranked cyber risk as a ‘top 5’ priority within their organisations. This year, however, 72% of respondents considered cyber risk a ‘top 5’ priority – likely reflecting an escalating apprehension amongst Australian organisations in the aftermath of the large scale and highly publicised data breaches.

Over many years of advising on data breaches, we’ve seen first-hand the consequences of underinvesting in cyber security, including financial losses, reputational damage, legal jeopardy, and operational disruption. It is crucial for companies to prioritise cyber security as a strategic investment to protect their assets, customers and overall business interests.”

Shannon Sedgwick, MinterEllison Consulting Partner

How can organisations manage cyber risk?

In Perspectives on Cyber Risk 2024, we examine our survey findings against the backdrop of this rapidly evolving cyber landscape. We offer insights into recent technological developments and regulatory responses, and deliver practical guidance for organisations in preparing for, and mitigating the effects of, high-impact cyber incidents. In this edition, you will also find:

• an overview of regulatory and policy developments in cyber security;
• updates on regulator action in response to data breaches and class action updates;
• a summary of major Australian and international data breaches over the last year; and
• 10 lessons for best practice cyber response with reference to real data breaches.