DP World Australia, the operator of four major container terminals across the country, detected a cyber breach on Friday, resulting in the abrupt closure of its terminals and leaving cargo and containers marooned on the docks.
Home Affairs and Cyber Security Minister Clare O’Neil described the incident as a “serious” breach on X over the weekend.
“DP World manages almost 40 per cent of the goods flowing in and out of our country,” she said in a post on the social media platform.
While DP World Australia confirmed on Monday that operations resumed at the company’s ports across Australia at 9am, it noted that that does not mean that this incident has concluded.
“DP World Australia’s investigation and ongoing remediation work are likely to continue for some time,” the company said in a statement. As such, the repercussions for the wider economy are being considered by experts.
Speaking to InvestorDaily on Monday, AMP’s chief economist Shane Oliver said this cyber incident certainly adds to fears of yet another supply shock potentially boosting inflation. He acknowledged that ultimately, the extent of the shock depends on how long the incident lasts.
“If it’s just a few days, then the impact will be minor. But if it’s a few weeks then it could be yet another supply shock that adds to inflationary pressure,” Dr Oliver explained on Monday.
He warned that a succession of robust data on wages, jobs, retail sales, and inflation in the coming weeks, combined with an extended disruption caused by DP World Australia, might place additional pressure on the Reserve Bank of Australia (RBA) to consider another rate hike.
On the upside, Dr Oliver said he remains confident in a shift resolution.
“I think the more likely outcome is that the impact will be relatively minor and/or temporary as DP World uses workarounds and brings back most operations after a few days,” the chief economist said.
“If it’s only temporary it should be possible for the RBA to look through it as any price spikes should reverse as soon as it ends.”
But on Saturday evening, National Cyber Security Coordinator Darren Goldie suggested that resolving the incident would not be a swift process.
“This interruption is likely to continue for a number of days and will impact the movement of goods into and out of the country. DP World Australia is working with its stakeholders to consider the impacts on its operations at specific ports,” he said on X.
Real-life impact almost certain
On Monday, Professor Matthew Warren, director of the RMIT Centre for Cyber Security Research and Innovation, echoed expectations of tangible repercussions arising from this significant incident.
Speaking to InvestorDaily, he said that any disruption to docks directly translates to a disruption in Australia’s supply chain.
“The fact that we know it’s impacting four major ports across Australia has the potential to impact supply chains in terms of the Christmas period, but also then critical supply chains as well. So, if there’s organisations that rely very much on a sort of a just-in-time approach and are expecting key supplies to be delivered by a particular date, the longer this incident carries on, the greater the disruption,” Professor Warren said.
He clarified that even after the resolution of the cyber incident, the challenge will persist in addressing the backlog of ships currently queued at these ports.
“What we see historically when there have been these sorts of attacks on port systems, historically those attacks have been ransomware attacks and they take an extended period of time to recover from. So again, you’ve got the problem of the cyber consideration, then you’ve got the actual physical aspects of all the shipping to be processed and unloaded,” Professor Warren said.
Regarding the incident’s impact on inflation, he acknowledged several uncertainties.
“There’s still so many unknowns and I think this is always one of the issues of a cyber security incident is that they have those real-life consequences, and at the moment, we don’t know what those real-life consequences will be until we find out over an extended period of time. But I imagine that there will be real-life consequences.”
Last year, in the aftermath of the significant Optus cyber incident, the RBA highlighted the potential indirect implications for the financial system arising from cyber attacks.
“This [Optus hack], along with a number of other large-scale cyber incidents over the past year, has highlighted the need for regulators and financial institutions to continue building cyber resilience,” the central bank said at the time.
More recently, last month RBA’s assistant governor Brad Jones identified cyber security as a major operational risk at the Australian Finance Industry Association Conference.
“The scope for, and consequences of, cyber attacks continue to increase. Challenges are building from third-party technology dependencies, geopolitical tensions and resourcing constraints among smaller institutions that could be key points of vulnerability for the wider system,” Mr Jones said.
Earlier this year, the Australian Bureau of Statistics revealed that 22 per cent of businesses experienced a cyber security attack during the 2021-22 financial year – a jump from about one in 10 businesses in 2019-20.
