This is despite most (87%) of Australian respondents to the Asia Pacific research by security firm McAfee saying cybersecurity decisions are made at the board or executive level or security is always included during decision-making processes.
The results show 27% of Australian respondents describe their organisation’s cybersecurity culture as ‘strategic’ (meaning decisions are made from the top), while 60% believe cybersecurity is ‘embedded’ (meaning security is always included in the decision-making process) within their organisation.
According to Joel Camissar, Regional Director, MVISION Cloud, Asia-Pacific McAfee, “An impressive 87 percent of organisations are taking the right steps towards building a solid culture of cybersecurity. However, this isn’t translating as it should into an adequate level of cyber resilience with our Australian respondents”.
“This indicates a disconnect between the priorities and investment required to build cyber resilience, and the decisions made at the board level.
“Organisations that don’t put cyber resilience at the forefront of their approach to security expose networks and infrastructures to an expanding range of cyber risks, gifting cybercriminals the opportunity to exploit clear gaps in their security posture,” says Camissar.
“The survey found 55 percent of Australian respondents named data breaches as one of the top three cyber risks. To truly combat this, cyber resilience has to become a higher priority for Australian organisations.
“While having effective technology and security tools in place is an important piece of the puzzle, cyber resilience is not a technological capability alone – it’s an organisational one. A core ingredient to being cyber ready involves empowering business leaders to minimise business down-time, while responding to a cyberattack at the same time,” Camissar concluded.
The research highlights that:
- More than 4 in 5 (87%) of Australian respondents described their organisation’s cybersecurity culture as ‘strategic’ or ‘embedded’ within their organisation
- Over a third (35%) of Australian respondents don’t feel their organisation is cyber resilient
- Members of the C-Suite in Asia-Pacific are more likely to believe their organisation is cyber resilient (79%), compared to 66% of department heads/line of business and middle management
- Only 16% of Australian organisations believe cybersecurity incidents have a ‘high’ impact on the business
In Asia-Pacific, businesses from Australia have the lowest appetite (78%) to invest in cybersecurity technology and services despite regulations impacting their organisation.