IoT value untapped while cyber security threats grow

Australian businesses are beginning to adopt Industry 4.0 technologies, yet cyber threats remain an impediment. Innes Willox explains.

Australian industry is currently in a state of transition to the Fourth Industrial Revolution – or Industry 4.0. It is fair to say that substantial progress in embracing Industry 4.0 has so far been confined to a relatively small number of leading firms – both multinational and domestically-based. Embracing Industry 4.0 has stretched the gap between these leaders and the majority of businesses.

There are certainly public policy actions that can help respond to these challenges, especially to develop our businesses – small to large, in new or traditional sectors – and to equip them to raise their horizons and competitiveness. In a soon-to-be-released Ai Group report, we will outline key policy priority areas where government and industry can work together to tackle these types of challenges.

But, irrespective of these challenges, there are examples where companies in Australia are punching above their weight and doing amazing things with new technology and leading the way for others. For our report, Ai Group interviewed several innovative companies from a range of industries who have decided to take the lead to invest in and implement these technologies.

Our report also reflects on how industry has progressed in its digitalisation journey, as well as the underlying technological landscape, drawing from a range of sources, including recent Ai Group surveys.

There are two significant findings that we would like to share ahead of the publication of our report.

IoT value yet to be tapped
Despite positive expectations that greater cost efficiency would drive adoption of the internet of things (IoT), challenges still remain in promoting its business value.

According to the latest ABS data on business use of IT, more than 60 per cent and 80 per cent of businesses did not see any value in IoT and radio frequency identification devices (RFID), respectively.

IoT was more likely to be valued by larger businesses (rated as “major value” by less than
20 per cent) and in industries such as mining, retail trade, transport, postal and warehousing, and information media and telecommunications. However, just over 10 per cent of these industries saw major value in IoT.

Similar to IoT, RFID was more likely to be highly valued by larger businesses, however this still fell short of 10 per cent. Transport and postal and warehousing placed the greatest value on RFID (major value at 10 per cent).

Growing cyber security threats
Cyber security threats continue to be a growing and evolving risk management issue for many businesses.

Approximately a third of all businesses surveyed by Ai Group reported they had experienced a cyber security incident of some kind. This is a relatively high number, highlighting that businesses in Australia are susceptible to such incidents and are not isolated from an increasingly connected world. Given that there may be undetected incidents that are unknown and therefore not reported, the numbers could be higher.

The most common incidents arose from phishing attacks,  hacking in some shape or form, and malware. Compounding this, some businesses experienced multiple incidents including virus infections, hacking, malware, phishing, and denial of service.

By way of contrast, ABS surveys reported that over 10 per cent of businesses experienced a cyber security incident in 2017-18, while almost 20 per cent did not know. Notably, wholesale trade and manufacturing were the ABS’s top two industries that reported cyber security incidents. The difference between Ai Group and ABS data may be attributable to the broader range of businesses surveyed by the ABS, including sole-traders and non-employing businesses.

Not surprisingly, a significant majority of businesses who responded to our survey and experienced cyber security incidents also invested in mitigation measures. Beyond these businesses, more than half per cent proactively invested in cyber security measures in 2018 – the proportion of these responses includes more manufacturers than other sectors. This is in stark contrast to the almost 80 per cent of respondents in our previous survey who reported that they did not use cyber security technology, with barely 10 per cent seeing cyber security as an inhibiting factor for their business.

While our latest survey did not explore other drivers for cyber security investment, the higher proportion of businesses investing in cyber security (especially proactively) compared to our previous survey suggests a dramatic shift in industry attitudes.

The ABS data was less optimistic than Ai Group’s findings – almost half of businesses did not see any value at all in cyber security measures. Certainly, whatever their differences, both surveys indicate that a proportion of businesses did not invest or value the importance of cyber security technology or other measures.

Akin to safety, cyber security is an ongoing risk management consideration for any business. Lack of business investment suggests that either more work could be done to improve cyber security posture, or that some businesses feel they already have adequate levels of protection.

These figures coincide with the commencement of various data privacy legislations in 2018, including the Australian Notifiable Data Breach (NDB) Scheme in February 2018 and the EU General Data Protection Regulation (GDPR) in May 2018.

By the end of March 2019, there were over 1,000 data breaches reported to the Office of the Australian Information Commission since the NDB Scheme commenced. Over this period, almost 60 per cent were due to malicious or criminal attacks, and over a third due to human error.

Despite relative improvements in our findings on increased business cyber security investment, causes for these data breaches point to the need for cyber security hygiene within organisations, as well as more general improvements in internal management of personal data to minimise human errors.