Australia is ‘much more advanced’ than most Asia Pacific countries when it comes to enterprise security but still lacks the security maturity and skills needed to cope with threats.
That’s the finding of a new IDC report, which shows that while Australia is stepping up its security game, it still has some way to go.
Lydie Virollet, IDC Australia market analyst for IT services and cybersecurity, says the number of breaches on both a global and local level in 2016 pushed Australian organisations to gain awareness of their assets, risks and how to mitigate the loss of revenue, brand reputation damage and downtime from potential attacks.
“As a result, security has become a key topic in any technology implementation discussion across the country,” Virollet says.
“However, Australian organisations do not have the security maturity, nor the skills, to cope with today and tomorrow’s threat landscape,” she says.
“Building strong relationships with trusted providers, carefully selected based on the companies’ assets and maturity, will be critical for their survival.”
IDC Australia says Australian companies have increased their security budgets and revamped their strategy on the back of the tsunami of ransomware in 2016 and well-publicised security failures, such as the IBM Census debacle.
However, the analyst company says the understanding and management of threats is a struggle most Australian organisations face, and the extremely high fragmentation of the market increases their confusion as to what solutions to adopt to be most secure.
“This concern and struggle does not however directly translate into effective actions,” IDC says.
“In some markets in the region the lack of compelling and enforced legislation leaves the IT security team with the paradox of how to secure the environment when the C-suite are not prepared to fund it or, as so often happens, IT security is considered important, but not enough to staff it nor fund it sufficiently.”
The IDC IT Security MaturityScape report for Australia shows 21.1% of 106 organisations surveyed fell into what IDC calls the ‘compliant companion’ segment – companies with solid security programs and control frameworks to address all regulatory needs and internal risk assessments.
Another 15.1% fell into the ‘proactive partner’ category of companies with robust security programs with strong compliance and early exploration of the cost effectiveness of solutions; while 2.4% were ‘predictive professionals’ – where risk is recognised as an element of the overall business value proposition for technology and the company seeks the most efficient and effective ways to manage enterprise security.
However, 10.1% of those surveyed were dubbed ‘naive novices’ – the first stage of the five-stage maturity model – with ad-hoc basic security measures, acting on security as it arises; while the biggest percentage – a full 51.3% – fell into stage two of the maturity model, and were deemed ‘reactive responders’, addressing the most significant security requirements in-house, but looking to external sources to provide guidance in compliance-oriented programs.