The cost of cybercrime in Australia to its 5 million annual victims is significantly lower than in other countries even though incidents are equally prevalent, Symantec has revealed in new customer research that also found a continuing lack of concern about the security of mobile devices.
The company's 2013 Norton Report surveyed 13,000 respondents in 24 countries, and found that 46 per cent of Australian adults have experienced cybercrime in the last 12 months. This was slightly higher than the global average of 41 per cent, but the average direct cost per Australian cybercrime incident in the past 12 months was pegged at just $US187 ($A196), compared with $US298 ($A313) globally.
Sean Kopelke, director of technology with Symantec Australia, told CSO Australia that the decline was likely due to both authors of ransomware "going for smaller amounts and a lower level of detection", and due to Australians becoming "a little more aware of the effects of cybercrime, and aware of the things they're having to put in place" to ensure their security online.
"We're seeing people being a little more security aware," he said.
While Symantec's consumer survey focused on end users, its conclusion of reducing cybercrime figures contradicted another recent study, by Ponemon Institute, that found that cyberattacks on enterprises have become "common occurrences" that cost an average of $US11.6 million ($A12.2) per year, up from $US8.9 million ($A9.3m) in 2012.
Symantec pegged the total cost of cybercrime to Australia at $US1 billion ($A1.005b). Yet while security incidents may be expensive for large enterprises, Australian users were ahead of the curve in avoiding casual exposure to security threats.
For example, Australians were less likely than users in other countries to commit potentially compromised information to public Wi-Fi services. Just 44% of Australians, compared with 54% overall, use public or unsecure Wi-Fi to access or send personal emails.
Just 48 per cent use public Wi-Fi to access their social networks, 27 per cent to shop online and 25 per cent to access their bank accounts – compared with 56 per cent, 29 per cent and 29 per cent, respectively, overall.
Interestingly, however, Australians were more likely to believe that online file storage services such as Dropbox and Box are safe: 55 per cent of respondents reported this belief, compared with just 50 per cent globally. Some 18 per cent of online file storage users use the same online file-storage account for both work and personal documents.
Such attitudes were creating security concerns when it came to mobiles and bring your own device (BYOD) programs. Some 32 per cent of survey respondents said their company had no policy on the use of personal devices for work, while 46 per cent of respondents said they use their personal mobile device for both work and play.
Working Australians were less likely than those in other countries to store personal information on their work devices – 19 per cent vs 27 per cent – or to access their social networks using their work device – 28 per cent vs 34 per cent. Many "still don’t understand the privacy settings" on social-network sites, Kopelke said, while many were freely handing their passwords over to other people.
"A lot of it comes down to knowledge," he said. "When you look at the social-network settings, a lot of people just find them too complicated."
Yet it was the statistics around protecting mobile devices that should scare any CSO contemplating protection of a BYOD rollout: only 53 per cent of smartphone users delete suspicious emails from people they don't know; just 46 per cent of smartphone users avoid storing sensitive files online; and 57 per cent of mobile users weren't even aware that security solutions for mobile devices exist.
With 42 per cent of respondents reporting that they don't even use basic security on their smartphones or tablets – including passwords, backup of their information or use of security software – Kopelke said the figures were worrying, especially since 21 per cent of respondents reported they had lost their mobile device or had it stolen in the past.
Recent figures from the ACMA reinforce the importance of mobile security education, with many Australians indicating that their smartphone didn't need security tools, and younger Australians showing a particularly low level of concern about malware threats.
Mobile security education has, Kopelke suggested, become critical given that its prevalence is increasing.
"It shows that while the average person understands the risks around the desktop or notebook environments and have security there, they haven’t taken those security practices across to their mobile platforms," he explained.
"It's another area that just shows why cyber criminals are going to be targeting those mobile users going forward."