00:00:06,040 --> 00:00:31,160
Speaker 1: Welcome to Fear and Greed Q and A, where we ask and answer questions about business, investing, economics, politics and more. I'm Sean Aylmer. Ransomware attacks are still a major threat to Australian businesses of all sizes, but the tactics involved are changing, and at the same time attitudes towards reporting and paying ransoms are evolving too. Darren Hopkins is head of cyber at McGrathNicol, a great supporter of this podcast. Darren, welcome back to Fear and Greed.

00:00:31,480 --> 00:00:32,600
Speaker 2: Thanks, Sean, good to be back.

00:00:33,000 --> 00:01:06,560
Speaker 1: And Brendan Paine is a cyber partner at McGrathNicol. Brendan, welcome back. Sean, thanks for having me again. Darren, in its fifth year, McGrathNicol has partnered with YouGov to survey over eight hundred Australian business owners, partners, directors, C-suite leaders across businesses with fifty plus employees on the ransomware threat facing Australian businesses. Very topical at the moment. We've had some very high profile ransomware issues in recent weeks, in fact. What can you tell us about the headline result for twenty twenty five? How has the threat changed compared to last year?

00:01:07,080 --> 00:03:50,640
Speaker 2: A few things have changed. One of the things that we've changed was the way we even did the survey. Five years, and we've had feedback every year, and I have to say my last year was probably some of the most controversial and interesting feedback from my peers in the market, all with our view as to what our findings were showing and saying, based on what they see and what they experienced. So we took a different approach and make sure we've got some real granular detail this year, so we can look at size of businesses, sectors and a range of other things to get that data that we'll be asked to do. Headline, I guess, coming out of this year's survey: we looked at more businesses at this time because we wanted to get a broad cross section across what the Australian landscape looks like, and we wanted to focus on businesses with fifty employees and more. And the request on YouGov was make sure this represents what the country looks like. So we're a country of small business, so we've got to factor in a lot of small business. We can't just assume that this is only a threat for the top end of town, and that's what we've done. Headline results: it's still an issue. Ransomware attacks still remain high. There's actually a lot of good findings coming out of the survey this year which we were really happy to see: notable decline in the proportion of businesses that were paying. I mean, previous years we've been sort of highlighting how many are paying. This year, forty four percent of the respondents reported experiencing a ransomware attack in twelve months, so still a high number saying that they had experienced a ransomware. That's down from about fifty six percent last year. What we did see this year, and this is one of the things I keep getting questioned on, is that others are saying, I don't see that ninety percent of those businesses were SMEs. They were smaller businesses. So the vast majority of the brunt of that attack is landing on the small businesses in this country, whilst some of the big attacks are certainly ones we see in the press, but that's a small proportion. Another thing that we were really happy to see was the amount being paid, so that's dropped from last year. We were reporting one point three to five million being that average payment, which is incredibly high, driven by some really large payments. This year, seven hundred and eleven thousand, so that's a significant reduction in that average payment that's coming through, and a great shift in attitude. So a lot of businesses said that they would still be willing to pay a ransom if attacked, but less than last year. So previously we've asked, if you're attacked and you hadn't actually experienced one, would you still consider paying? So that's actually falling away, which we're happy to see. If you go in thinking, you know, you pay if it needed, then that's part of that thought process you have. And we've also seen the threats that are changing as well. I mean, that's the other thing. Attackers are being a little bit more sophisticated. We've seen double extortions. We're seeing one thing in the press quite a lot: our supply chain being impacted, so others being attacked. That causes you the issue, and that's a big change as well.

00:03:51,360 --> 00:04:01,560
Speaker 1: What has caused the change in attitude behind the trend, the fact that people are less likely to pay? Why is that happening?

00:04:02,480 --> 00:06:12,400
Speaker 2: We asked the same question, and there's a range of factors sort of playing into that. One of the reasons that we're seeing an attitude change is we constantly see this going through the press. We constantly see others that are in our supply chain being impacted, and we're getting more familiar with what this means. There's a lot of discussion around what it is you're doing if you pay. I mean, you're supporting organized crime. And the government's view has been always very, very strong that that's something we should, we should stop doing, and there's no doubt that this is an ecosystem we need to break. But there was also some policy changes that have actually had a good influence on that as well. So with the Cybersecurity Act coming through last year, there's now mandatory reporting obligations around the payment of a ransom, and we've never had that before. Previously, when there was a ransomware bill proposed, the government's trying to work out how do we actually put some enforcement around this attitude of don't pay, and where we landed is if you're a business with more than three million dollars and you make a payment, you now actually have to tell a government who you paid, what you paid, and the circumstances around that, including a transcript of any negotiations. That clearly has had an impact on the willingness to pay. Interesting: I spoke to a director who has actually had to pay a ransom under the new regime, and I asked the question, okay, well, did that come into and influence your decision around making a payment? And ultimately that person said, I still made the decision I made, and it was the right decision for our business. We needed to pay for our business. However, the reporting regime was interesting. He said that it actually made him feel better about the process because he now had to tell the government, and it was almost like an episode where I've done the wrong thing. I know it's the wrong thing, but I'm going to go and tell somebody because I'm supposed to, and it's like a penance and I've been to confession, and the feeling after is I've done everything I needed to do now to make that right. So interesting, the way people perceive those requirements. And the other driver's reputational damage. Ninety two percent of the surveyed businesses this year said that a breach like this will negatively impact their business perception, and the payment is a big driver, and that if others to know about.

00:06:12,160 --> 00:06:31,280
Speaker 1: That, notwithstanding we don't like cybercrime, Brendan, that's a bad. However, some of these results that Darren's just run through are actually improvements on where we've been. What are cyber criminals doing as a result? Are they changing the way they attack people? Are they attacking different sectors, different sized enterprises?

00:06:32,000 --> 00:08:51,319
Speaker 3: Yeah, it's a great question and a bit to unpack, and Darren's stolen all my headlines there, Sean, so bear with me. But look, I think, you know, what we're noticing is a pretty significant drop in the number of Australian businesses paying ransom. So Darren said in twenty twenty five about sixty four percent paid up, down from eighty four percent the prior year, and the average payment is almost half, so again just over seven hundred thousand hour, down from one point four. That said, though, attacks are still happening at a higher rate. We don't want to, we don't want to let that be the headline there. About forty four percent of businesses have faced a ransomware incident in the past year. So while fewer ransoms are being paid, the volume of attacks hasn't really slowed down. Instead, cyber criminals are changing their approach. You know, we're seeing far more aggressive extortion tactics like threatening to leak stolen data, as Darren referred to earlier. That's essentially known as double extortion. They're casting a wider net, and so they're hitting different sectors and business sizes. You know, manufacturing and mid sized companies are reporting more attacks, but really, at the end of the day, no one's off the radar and no one's safe. And interestingly, smaller, less sophisticated gangs are now becoming more active, so, you know, they're often asking for payments via wire transfer, which is pretty uncommon. I think it's such a shift away from the big players who still prefer cryptocurrency as their main form of payment. I was sort of having a think about this earlier, and, you know, I can recall several recent ransomware case studies in which McGrathNicol has assisted impacted businesses where there has been a clear shift toward highly coordinated campaigns that target multiple entities simultaneously, rather than the isolated, uncoordinated attacks that we've seen in the past. So, you know, those campaigns, there's a real sense of coordination between threat actors and different threat groups, that they're getting in through specific attack vectors, now often using what we referred to as zero day vulnerabilities. The approach is stealthy as well, so the goal is to avoid immediate disruption and focus on quietly exfiltrating and stealing data rather than causing obvious damage to the environment and to the business. And then importantly, you know, these attacks are executed across several organizations at once, really to maximize the impact.

00:08:52,120 --> 00:09:07,160
Speaker 1: Okay, Darren, how are Australian organizations then thinking about cybersecurity, given that, and their incident response strategies, particularly since they're not paying ransoms as much, that they must have some sort of other strategy in play here?

00:09:08,559 --> 00:10:50,480
Speaker 2: And we've always wanted to get to the psyche behind the why people do that, and that's why we started this survey. We just wanted to understand why we thought that this was an option every time. But at the same time we're asking, or what are you doing about your business and how are you changing to adapt to the risk? A lot of, once again, great positive outcomes in the survey around the number of businesses that are focusing on being prepared, building plans. One thing that we have seen personally as a firm is the number of businesses that are actually practicing those plans. We talk about cyber simulations and cyber tabletops where boards and executives come together to actually test that if they were to have this issue play out, how would they be able to respond and is everything they've done to prepare for it going to be enough. The number one tabletop we do is a ransomware event. Every board wants to go through what would they do as a business should they actually have this issue play out, what decisions would they need to make, and actually have the conversations and the debates early on so that they can be prepared to actually move quickly. That's something we're seeing more this year than we have, and that the survey results go and actually confirm that as well, with the respondents actually saying that they've done those things. The last sort of thing we've sort of seen is a real shift into businesses wanting to now adopt intelligence to inform them as well. Now a lot of these things are outed on the dark web. Some businesses don't even know they've had an incident until their data is for sale somewhere. Some of these attacks have started because an employee's lost their credentials online and it's those credentials that are stolen and then maybe resold that are used to attack them. Intelligence is part of that preparedness now, so they can know about these things well before it becomes the ransomware incident they're trying to avoid. Brendan.

00:10:50,600 --> 00:11:04,200
Speaker 1: Why do you think that businesses have changed as such? Is it because of the legislation? Is it because this is a fifth year of the survey and they're hearing a lot more about it? Then the next question after that: will it continue? Will they keep getting better at it?

00:11:05,600 --> 00:13:15,360
Speaker 3: Yeah, I might just circle back to something Darren mentioned earlier, Sean. So let me start with the new mandate, and then we'll get into, I guess, how businesses are feeling about the reporting. So earlier this year, the Australian government introduced mandatory reporting for ransomware and cyber extortion payments. So essentially, if a business turns over more than the three million dollars, and there are some exceptions, so Commonwealth and state government bodies and certain critical infrastructure operators as well, they now have to report any ransomware payment to the Australian Signals Directorate within that seventy two hour period. If you don't comply, the penalties range from, I think, just under twenty thousand for individuals and up to ninety nine thousand for companies. So the idea behind this is pretty clear: improve visibility into ransomware incidents, disrupt the criminal business model, and essentially help shape national policy, which is something that came out in the strategy a few years ago. It's still early days, though, but I guess we're seeing signs that this is raising awareness and encouraging more transparent incident management. That said, I think it's too soon to say whether it's actually reducing attacks. For now, though, the government seemed to be focused on education and compliance for the remainder of this year rather than forcing penalties. If we look at, I guess, the attitudes to reporting, our survey showed that seventy one percent of respondents said they believe reporting a ransomware attack to authorities should be mandatory, and there's a real strong sense that underreporting in the past has really limited the government's ability to understand the threat landscape and that sharing information is key to building a collective defense. That said, though, some businesses are still worried about reputational risk and the possibility of regulatory scrutiny, which really could influence how willing they are to report. And honestly, I wouldn't be surprised if we see a swing in the reporting statistics twelve months from now when we do this again, once the new regime has had time to bed in.

00:13:16,200 --> 00:13:18,720
Speaker 1: Okay, Darren, Brendan, thank you for talking to Fear and Greed.

00:13:18,960 --> 00:13:20,000
Speaker 2: Thanks all, thanks all.

00:13:20,440 --> 00:13:34,520
Speaker 1: That is Darren Hopkins, head of cyber, and Brendan Paine, cyber partner at McGrathNicol, a supporter of this podcast. I'm Sean Aylmer, and this is Fear and Greed Q and A.