The study interviewed almost 2000 security professionals across 11 countries including 209 in Australia. It found that most Australian organisations have suffered a breach which cost over $1 million and had a significant impact to business.
Longer downtime is one of the key factors identified in the study that is resulting in higher financial costs to businesses. The study looked into the effect and costs of outages on Australian businesses and found that 75% of Australian organisations experienced an outage of 5-16 hours. This is significantly longer than the global average of 43%. A massive 84% of Australian businesses also reported their most severe breach cost them over $1 million, higher than any other country in the Asia Pacific region of the report.
Cisco says that with the number of cyber threats increasing rapidly, the real challenge for Australian businesses is how they can best prepare and invest to fight the increase in daily alerts and prevent monetary loss. More than two thirds (69%) of Australian organisations reported receiving more than 100,000 alerts every day, more than double last year’s figure. Of these most are identified as false. Last year 65% of investigated alerts were legitimate, now only 33% are, highlighting the increase of false alerts.
The sheer number of incoming threats is having a drastic impact on ‘cybersecurity fatigue’ says the report, which finds that Australian businesses are experiencing a higher level of fatigue – 65% in comparison to the global average of just 30%.
Cyber security fatigue is defined in the report as organisations having almost given up on proactively defending against threats due to the rapid evolution of attacks. Hackers are no longer just targeting IT infrastructure, but have started to attack operational infrastructure, intensifying the challenge for most organisations. In Asia Pacific 25% of respondents have already experienced an attack on their operational infrastructure (versus 21% globally), and 73% expect this trend to increase in the next year (versus 64% globally).
Cyber security adoption is also highlighted as a key issue in the study. For the first time budget constraints were reported as the top obstacle (37%), followed by organisational culture and attitudes about cyber security (32%) and competing priorities (30%). This compares to last year’s top challenges of certification (33%), organisational culture (30%) and competing priorities (28%). But the report says Australia is making great strides when investing in people and teams rather than just technology. They are relatively confident in their security tools’ ability to deal with adapting threats.
Cisco Australia and New Zealand’s Director, Cybersecurity, Steve Moros said: “Businesses are now facing challenges from all sides.; It is a constant battle. Our report shows that data breaches and attacks are increasingly costing businesses and they are having to fight constant levels of attacks and in turn suffer cyber fatigue where they don't have the resources, either in people or time, to proactively protect their business.
“It is clear that investing in people and skills is the best way forward to alleviate cyber fatigue and increase proactive cybersecurity, particularly around identifying false threat quickly to focus on the high-risk threats. There is no doubt that as we move into a more digital open playing field these threats will increase, but by investing in upskilling in cybersecurity and working with security partners we can all fortify our cybersecurity workforce for the better.
“What we can see is that CISOs struggle with user behaviour, and a Zero Trust approach can help minimise the impact of that,” said Moros. “This helps organisations to protect users and their devices against stolen credentials, phishing and other identity-based attacks, manage multi-cloud environments and contain lateral movement across the network, and gain insight into users and devices, identify threats and maintain control across all connections in the network.