Thursday, 07 November 2019 10:23

Data breaches worst in Australia, says Cisco. But beware ‘cyber security fatigue’ Featured


Cisco’s annual Asia Pacific Chief Information Security Officer Benchmark Study says that data breaches are costing Australian businesses more than those in any other country in the region.

 The study interviewed almost 2000 security professionals across 11 countries including 209 in Australia. It found that most Australian organisations have suffered a breach which cost over $1 million and had a significant impact to business.

Longer downtime is one of the key factors identified in the study that is resulting in higher financial costs to businesses. The study looked into the effect and costs of outages on Australian businesses and found that 75% of Australian organisations experienced an outage of 5-16 hours. This is significantly longer than the global average of 43%. A massive 84% of Australian businesses also reported their most severe breach cost them over $1 million, higher than any other country in the Asia Pacific region of the report.

Cisco says that with the number of cyber threats increasing rapidly, the real challenge for Australian businesses is how they can best prepare and invest to fight the increase in daily alerts and prevent monetary loss. More than two thirds (69%) of Australian organisations reported receiving more than 100,000 alerts every day, more than double last year’s figure. Of these most are identified as false. Last year 65% of investigated alerts were legitimate, now only 33% are, highlighting the increase of false alerts.

False alerts are also having a negative impact on fighting legitimate upcoming threats, with the number of real cyber security incidents that have been resolved down by 31%, from 69% that was recorded in 2018.

The sheer number of incoming threats is having a drastic impact on ‘cybersecurity fatigue’ says the report, which finds that Australian businesses are experiencing a higher level of fatigue – 65% in comparison to the global average of just 30%.

Cyber security fatigue is defined in the report as organisations having almost given up on proactively defending against threats due to the rapid evolution of attacks. Hackers are no longer just targeting IT infrastructure, but have started to attack operational infrastructure, intensifying the challenge for most organisations. In Asia Pacific 25% of respondents have already experienced an attack on their operational infrastructure (versus 21% globally), and 73% expect this trend to increase in the next year (versus 64% globally).

Cyber security adoption is also highlighted as a key issue in the study. For the first time budget constraints were reported as the top obstacle (37%), followed by organisational culture and attitudes about cyber security (32%) and competing priorities (30%). This compares to last year’s top challenges of certification (33%), organisational culture (30%) and competing priorities (28%). But the report says Australia is making great strides when investing in people and teams rather than just technology. They are relatively confident in their security tools’ ability to deal with adapting threats.

Cisco Australia and New Zealand’s Director, Cybersecurity, Steve Moros said: “Businesses are now facing challenges from all sides.; It is a constant battle. Our report shows that data breaches and attacks are increasingly costing businesses and they are having to fight constant levels of attacks and in turn suffer cyber fatigue where they don't have the resources, either in people or time, to proactively protect their business.

“It is clear that investing in people and skills is the best way forward to alleviate cyber fatigue and increase proactive cybersecurity, particularly around identifying false threat quickly to focus on the high-risk threats. There is no doubt that as we move into a more digital open playing field these threats will increase, but by investing in upskilling in cybersecurity and working with security partners we can all fortify our cybersecurity workforce for the better.

“What we can see is that CISOs struggle with user behaviour, and a Zero Trust approach can help minimise the impact of that,” said Moros. “This helps organisations to protect users and their devices against stolen credentials, phishing and other identity-based attacks, manage multi-cloud environments and contain lateral movement across the network, and gain insight into users and devices, identify threats and maintain control across all connections in the network.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Graeme Philipson

Graeme Philipson is senior associate editor at iTWire. He is one of Australia’s longest serving and most experienced IT journalists. He is author of the only definitive history of the Australian IT industry, ‘A Vision Splendid: The History of Australian Computing.’

He has been in the high tech industry for more than 30 years, most of that time as a market researcher, analyst and journalist. He was founding editor of MIS magazine, and is a former editor of Computerworld Australia. He was a research director for Gartner Asia Pacific and research manager for the Yankee Group Australia. He was a long time weekly IT columnist in The Age and The Sydney Morning Herald, and is a recipient of the Kester Award for lifetime achievement in IT journalism.



Recent Comments