Thursday, 24 March 2022 11:35

IT executives unprepared for cybersecurity risks, according to KnowBe4 research


IT decision-makers are complacent about risks from phishing and business email compromise, also known as CEO fraud, according to research by KnowBe4.

Fewer than four in ten (38%) Australian IT decision-makers say they are concerned about phishing as a risk to their organisation, while even fewer (28%) are concerned about business email compromise (BEC).

When asked to determine whether example emails and SMS were real or fake, only 3% of Australian IT decision-makers were able to correctly identify them all, the study revealed.

Twenty-three percent of IT decision-makers use their work phones for personal activity (9% higher than indicated by office workers) and 15% use their work email address for personal activity.

KnowBe4 security awareness advocate Jacqueline Jayne raises her concerns.

“When those charged with keeping a business secure are unaware of the risks and unable to identify scam emails and SMS messages, their organisations are at significant risk. According to the ACCC, Australians lost a record $323 million to scams in 2021 (up a massive 84% from the previous year). If those in charge of security are unaware of best practices, then they cannot educate and train employees,” Jayne says.

“When employees are using their work email address for personal activities such as online shopping, they are much more likely to fall victim to a phishing attack that uses a hook such as delivery delays to entice the victim to click through. Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam – if you know you never shop online using your work email address, then you know that email from Amazon cannot be real,” Jayne adds.

Data breach protocol
Only four in ten (42%) IT decision-makers are confident that they know the steps they would need to take following a cyber incident or data breach in their organisation.

Only four in ten Australian IT decision-makers (40%) believe that employees in their organisations understand the business impact of falling victim to a cyberattack. Similar proportions are confident that their employees can identify phishing and BEC emails (42%) and that their employees report all emails they believe to be suspicious (39%).

Security investment
Only two thirds (67%) of IT decision-makers say they plan on investing in/spending money towards cybersecurity in 2022. Those who plan on investing in/spending money towards cybersecurity in 2022:

Are most likely to be investing in/spending money on new cybersecurity software solutions (68%).
Followed by a cybersecurity awareness training program with ongoing and relevant content (55%).

Other areas of investment include further investment in infrastructure (44%), employee policy changes related to cybersecurity (38%), cybersecurity insurance (34%) and simulated phishing and social engineering for end users (30%).

Those who are planning on investing in/spending money towards cybersecurity in 2022 are more likely than those who are not to say that they are concerned about phishing (49% compared to 18%) and BEC (35% compared to 13%).


Kenn Anthony Mendoza

Kenn Anthony Mendoza is the newest member of the iTWire team. Kenn is also a contributing writer for South China Morning Post Style, and has written stories on Korean entertainment, Asian and European royalty, Millionaires and Billionaires, and LGBTQIA+ issues. He has been published in Philippine newspapers, magazines, and online sites: Tatler Philippines, Manila Bulletin, CNN Philippines Life, Philippine Star, Manila Times, and The Daily Tribune. Kenn now covers all aspects of technology news for
