Australia unprepared for cybersecurity threats, says Cisco study
A recent Cisco study revealed that only 1% of organisations in Australia are prepared to defend against modern cybersecurity risks. According to the 2024 Cybersecurity Readiness Index, this lack of readiness stands as a critical issue, especially noting that 69% of respondents believe a cybersecurity incident could disrupt their business within the coming two years.
The index, which was devised in a world defined by hyperconnectivity and a rapidly evolving threat landscape, found companies struggling to defend against a variety of techniques ranging from phishing and ransomware to supply chain and social engineering attacks. The struggle got magnified due to intricately knitted security arrangements, dominated by multiple-point solutions, and an extended working environment where data can be scattered across countless services, devices, applications, and users.
This scenario carries even more gravitas with 75% of companies constrained to their current infrastructure expressing moderate to high confidence in their ability to fend off a cyberattack. This disparity between confidence and actual preparedness implies a potential misjudgement in navigation capability throughout the threat landscape and the true magnitude of the challenges that lie ahead.
The index is calibrated based on five essential pillars: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement, and AI Fortification. Respondents were surveyed on their deployment of these solutions and capabilities. The companies were subsequently categorised into four stages amplifying in readiness: Beginner, Formative, Progressive and Mature.
"We cannot underestimate the threat posed by our own overconfidence," said Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco. "Today's organisations need to prioritise investments in integrated platforms and lean into AI in order to operate at machine scale and finally tip the scales in favour of defenders."
The survey found that only one per cent of companies in Australia are prepared to tackle today's threats, with over 82% of organisations classified as Beginners or at the Formative stage of readiness. Additionally, 69% expect a cybersecurity incident to interrupt their business in the next 12 to 24 months. The cost of such unpreparedness can be severe, as indicated by 53% of affected companies who noted that previous cybersecurity incidents cost them at least US$300,000.
Further findings underlined the complexity added by unsecure and unmanaged devices, potential progress impediment due to critical talent shortages, and plans of significant IT infrastructure upgrades in nearly half of the surveyed companies. "To innovate at speed, we must have cybersecurity at the core of this advancement. The data shows that even with our best efforts we are being outpaced by the speed of technology evolution," warns Corien Vermaak, Director of Cybersecurity for Cisco Australia & New Zealand.