The Average Cost Of A Cyberattack On Australian Businesses Is Over $622,000

The Average Cost Of A Cyberattack On Australian Businesses Is Over $622,000
Image: iStock

Australian businesses are a popular target for cybercriminals. When a cyberattack hits, it can be costly for businesses to deal with. BAE Systems has now put a number on just how much it can cost. According to a study by the security vendor, the average cost of a cyberattack for an Australian business is over $622,000. Here are the details of the research.

BAE Systems conducted a global survey to find out more about how organisations respond to cyberattacks and asked how much their most recent attack has cost the business. Australia, US, UK, Malaysia and Singapore were the countries involved in the survey.

In Australia, around 100 IT leaders provided responses to the survey. According to a findings:

  • A quarter of Australian businesses don’t know if they have the security controls in place to defend against cyberattack. This is the highest figure out of all the countries surveyed.
  • On average, Australian businesses reported at least one attack in the last six months. The global average is one attack in the last nine months.
  • The average cost of a cyberattack for an Australian business is over $622,515.
  • 15 percent of companies have not tested their incident response plan in up to two years. Nine percent of survey respondents said they don’t have an incident response plan or don’t know if they have one.

But there is some good news.

“Our research found Australian businesses were more likely to report a cyberattack than the global average, whether that be a week ago, a month ago or six months ago,” BAE Systems head of cyber solutions Asia-Pacific and Japan Alex Taverner said. “As recent high profile cyberattacks have demonstrated, businesses of all sizes and in all industries must ensure they’re prepared.”

To us, the $622,515 figure seems a bit low for large companies and you still need to factor in reputational damage, which is difficult to quantify. Of course, this is just an average figure and some organisations may have been hit harder than others.

Has your organisation recently been hit by a cyberattack? How much did it end up costing the business? Tell us all about it in the comments.


  • One of our remote sites got hit by cryptolocker recently. After the IT Department grilling the end user for over an hour we established that it was user initiated days before. It took 3 days to recover but early detection would have saved the IT Department a lot of time. Don’t be afraid to report any suspicious activity to IT, otherwise you will end up like this user who will forever be on the IT List of people who wasted multiple resources, multiple days of productivity because they were too scared to report it.

Log in to comment on this story!