Research: Major Australian data breaches in 2022 have broken down barriers for cybersecurity investments, and improved technology and business leader alignment

• 52% of Australian businesses admit they haven’t invested enough in cybersecurity
• 70% of Australia’s business leaders are now willing to increase cybersecurity budgets, following the high profile breaches of 2022
• Australian businesses are split close to 50/50 on whether they would pay a ransomware demand

Sydney, Australia – 7th February, 2023 – Netskope, a global cybersecurity leader, has today released findings from research which sought to analyse the fallout from the major data breaches experienced by Australian organisations in 2022. Netskope surveyed 300 Australian IT professionals to find out, and discovered a marked shift in their experiences of their business leadership’s commitment to cybersecurity over the past three years. 

When asked about their cybersecurity spendings in the last 3 years, a majority of technology leaders (52%) admitted that their organisation has not invested enough in cybersecurity, with nearly one in five (18%) believing that it was not a priority. Among small businesses, the problems are more profound, with 69% not investing enough in cybersecurity, according to the IT professionals within those businesses, and one in three (33%) asserting that it simply wasn’t a priority. 

However, headline-grabbing Australian data loss incidents have acted as a catalyst for change. When asked how the events have influenced awareness among their organisation’s leadership, more than three-quarters (77%) of respondents said their leadership’s awareness of cyberthreats had increased, and 70% were also seeing an increase in leadership’s willingness to invest in cybersecurity.  

“The data breaches that occurred last year deeply impacted the Australian community, but it seems there is some positive to draw from those events,” said David Fairman, Chief Information Officer and Chief Security Officer for APAC at Netskope. “In the last decade, attitudinal gaps between technology and business leaders regarding cybersecurity have been a key factor slowing down cybersecurity improvements, and it seems that both teams are now – at last – on the same page, ready to bolster cyber defences for their organisation and customers. Even though no organisation is ever fully protected from cyber threats, we need this united front to show cybercriminals that we won’t make it easy for them and Australia won’t be an easy target anymore.”

While growing budgets are a positive development and a key indicator, they pertain to future plans. In the present, there are still issues to address among Australian businesses. The research shows that currently, only 27% of Australian tech leaders have well-defined and stringent incident response plans to face a variety of scenarios, and regularly exercise them.  A dangerously low percentage.

While awareness of cyber risks has certainly grown as a result of high profile Australian examples dominating the headlines, there is no consensus on how to handle an incident. Research participants were divided, with just half (51%) stating they’d be unlikely to pay if they were victims of ransomware. 

Finally, reiterating the importance of alignment between technology and business leadership teams, 17% of tech leaders stated that a lack of prioritisation of cybersecurity among leadership was the biggest obstacle to cyber security improvements.

David Fairman concluded; “Despite an increased willingness in making cybersecurity a priority, many organisations simply don’t have enough financial or human resources to bring their plans to fruition, especially in a challenging economic environment with ongoing geopolitical instability. As a country, we need to do what we can to accelerate the production of industry professionals and graduates, making use of both public and private initiatives. In the meantime, Australian businesses can immediately look to rationalise their cybersecurity investments, to deliver more for their money. They can’t look for one solution to every threat out there, and fortunately, there’s advances in solutions that offer broader defences across the digital environment, enabling consolidation and simplification of the cybersecurity technology stack, and bringing down the cost of operations and resources necessary to run them.” 

###

Methodology

Netskope commissioned Sapio Research to survey 300 technology leaders from Australian organisations, from January 17 to January 30 2023. Of all respondents, 55% are the main decision makers over their organisation’s IT security, 39% are one of several decision-makers in this area, and 6% are not decision-makers, but are across their organisation’s cybersecurity decisions and plans. 20% of respondents are C-level, 3% VP, 21% Director, and 55% manager levels. 38% work in organisations with 1 to 19 employees, 27% with 20 to 199 employees, 18% with 200 to 999 employees, and 17% with more than 1000 employees. 

About Netskope

Netskope, a global SASE leader, is redefining cloud, data, and network security to help organisations apply zero trust principles to protect data. Fast and easy to use, the Netskope platform provides optimised access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organisational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.