Varonis analysed 515 responses from C-level executives and senior managers in decision-making roles. Surveyed companies include small to large businesses across industries that include IT and telecom, financial services, government, manufacturing, professional services, education, and healthcare.
Key findings from the 2021 Australian Cybersecurity Risk Report include:
- 82% of Australian organisations rated their ability to protect themselves from a cyberattack as good or very good.
- Almost two-thirds (63%) think a potential cyberattack on their organisation is likely or very likely in the next 12 months.
- Organisations listed data loss or theft as the biggest cybersecurity concern (53%), followed closely by human error (40%) and insider threats (37%).
- Loss of brand reputation was rated the top overall concern by 29% of organisations, followed by loss of intellectual property (24%) and costs associated with a cybersecurity breach (18%).
- Nearly three-quarters (71%) of organisations store sensitive information in Microsoft 365.
The report aims to shed light on how Australian organisations are adjusting to modern security challenges, safeguarding sensitive data, and mitigating risk from ransomware and insider threats. The report also offers insight into what businesses can do to minimise their risk.
Scott Leach, vice president of sales, APAC, at Varonis, says, “Four in five respondents are confident they can defend against an attack – a surprising statistic in light of today’s evolving threats and big ransomware payouts. Executives and board members must put their data first and proactively turn to cyber resilience – preventing breaches by limiting an organisation’s “blast radius” – the potential damage a compromised user or account could do during an attack.”
According to the report, “The high value of sensitive data, combined with the lack of knowledge over where this data is located and who has access to it, makes organisations prize targets for threat actors.”
Varonis recommends organisations take the following proactive steps to improve their security:
- Develop, implement and enforce data management and data access policies.
- Provide cybersecurity education for staff to avoid falling victim to phishing and spearphishing attacks.
- Focus on reducing the damage attackers can do by limiting your blast radius – the damage attackers can do once inside your environment.