In a statement, Microsoft said economic losses were calculated from direct costs, indirect costs — including customer churn and reputational damage — and also induced costs such the impact of a cyber breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending.

The study also came to the conclusion that the potential direct economic loss caused to Australian businesses by cyber security incidents could amount to $29 billion annually - about 1.9% of Australia's GDP. Direct costs mean tangible losses in revenue, decreased profitability and fines, lawsuits and remediation.

It found that 55% of the organisations surveyed had experience a cyber security incident in the last five months; one in five companies was unsure whether they had been affected as they had not conducted proper forensics or a breach assessment.

“The number of organisations that have experienced a cyber security incident, although large, is not particularly surprising given the increased rate of cyber security attacks we’re seeing annually,” said Tom Daemen, director of Corporate, Legal and External Affairs, Microsoft.

“However, the finding that one in five Australian businesses is not performing regular forensics and data breach assessments is surprising given the frequency of attacks and suggests a need for greater awareness and a cultural shift in how we manage and think about data.”

A sense of fear and doubt about cyber security incidents was undermining the willingness of Australian firms willingness to take advantage of opportunities in the digital economy, the survey said, pointing out that 66% of respondents had said their enterprise had put off digital transformation efforts due to the fear of cyber risks.

“The fact that two-thirds of Australian organisations are putting off digital transformation efforts is concerning, when you consider that digital transformation is expected to contribute $45 billion to Australia’s economy by 2021. To combat this, we need to be instilling a data culture throughout organisations,” said Daemen.

“Data management needs to be prioritised in the boardroom as a strategic focus. Not only will this ensure organisations comply with Australian Notifiable Data Breaches Act and European GDPR legislation, but it will empower employees to see data as the strategic asset it is – and push forward with digital transformation initiatives.”

The study found that 84% of organisations in Australia had either adopted or were looking to adopt an AI approach towards boosting cyber security.

“The ever-changing threat environment is challenging, but there are ways to be more effective using the right technology and instilling the right culture,” said Daemen.

The study was based on a survey of 1300 business and IT decision-makers from Australia, China, Hong Kong, Indonesia, India, Japan, South Korea, Malaysia, New Zealand, the Philippines, Singapore, Taiwan and Thailand. All were involved in shaping their organisations’ cyber security strategies.

Forty-four percent were business decision-makers, including CEOs, COOs and directors, while 56% are IT decision-makers, including CIOs, CISO and IT Directors. Twenty-nine percent of the participants were from mid-sized organisations (250 to 499 staff); and 71% from large-sized organisations (more than 500 staff).