IT Brief Australia - Technology news for CIOs & IT decision-makers
Australia
Datacom
#
Data Protection
#
DR
#
Phishing

Australian cyber resilience gap widens as recovery plans lag

Tue, 21st Apr 2026 (Today)
Author image
By Mark Tarre, News Chief

Datacom has published research highlighting a gap in cyber resilience across Australian organisations, based on a survey of more than 500 security leaders.

Its 2026 Cybersecurity Index found that 77% of Australian security leaders believe they have sufficient visibility across risks, vulnerabilities and compliance, while 70% said they have the resources to respond to a cyber attack.

That confidence was not matched by recovery planning. Only 32% of Australian organisations said they had a business continuity or cyber incident response plan in place, rising to 36% among large enterprises and falling to 29% among small and medium-sized businesses.

Recovery gap

Leaders often expect full recovery within days, even though complex incidents can take weeks or months to resolve. Datacom attributed longer recovery periods to untested plans, fragmented tools, limited supply-chain visibility and unclear decision-making authority.

"Australian organisations have built powerful radar but many still lack a safe runway when an incident hits," said Mark Hile, Managing Director, Infrastructure Products, Datacom.

"The focus must shift from 'monitor and escalate' to 'engineer and stabilise'. Resilience is now the differentiator - rehearsed response, clear delegations and time‐to‐recovery metrics that business leaders understand," Hile said.

The report also found a gap between investment in threat detection and investment in response and remediation. According to the index, detection maturity has advanced faster than resilience and business continuity planning.

Just over half of organisations rated themselves as either proactive and optimised or fully optimised and continuously improving in both Threat Informed Defence and Cyber Intelligence Driven Prioritisation, at 51% for each category.

Regular testing remained a key difference between organisations that recover quickly and those that do not, according to Collin Penman, Chief Information Security Officer at Datacom.

"What separates organisations that recover in days from those that take months isn't detection capability - it's practice," Penman said.

"A plan that's never been tested isn't a plan. Regular exercises build muscle memory, so response becomes automatic, coordinated and fast in the event of a cyber incident."

AI and pressure

The study found that 97% of Australian organisations reported either partial or full automation in incident detection and response, suggesting many are structurally prepared to adopt a further wave of AI-based security tools.

At the same time, Australian leaders again ranked AI-based attacks and phishing among their top concerns. The report said attackers are increasingly using automation and deepfakes, cutting attack timelines from weeks to hours, while legacy applications remain a major weakness.

Responsibility for cybersecurity remains concentrated in IT and security teams, adding pressure to limited staff numbers. That strain is reflected in workforce data, with 36% of Australian security leaders reporting burnout within their teams, linked to event overload, compliance complexity and finite staff capacity.

Sovereignty concerns

The index also highlighted concern over where data and compute resources are located. It found that 65% of Australian organisations are concerned about sovereignty and the long-term viability of in-country AI compute capacity, particularly in regulated sectors.

Despite that, there has been limited movement away from offshore-based platforms. The research also found that policy action in Australia remains more measured than in regions such as the European Union or South Korea.

"Sovereignty is no longer a theoretical conversation - it's a practical risk assessment," said Hile.

"Australian organisations want confidence that their data, their compute capacity and their critical workloads will remain available and under their control, regardless of what happens globally. The answer isn't isolation, it's smart partnership, combining local infrastructure, trusted regional capability and global technologies engineered for resilience," he said.

Operating models

The research pointed to a shift in how organisations structure security operations. Active partnerships with managed security service providers fell to 45% of Australian organisations from 55% a year earlier, suggesting a reassessment of the traditional outsourced model.

Priorities remained steady across threat detection and monitoring, employee culture and training, and data protection. Yet only 32% of organisations had tested continuity or incident response plans, leaving a central weakness in business recovery readiness.

Related stories
Tes launches Tes360 connected platform for schools
PaySauce taps ex-Xero duo to drive Australian push
Anthropic expands Amazon tie-up in USD $5 billion deal
Cohesity appoints Nigel Lee to lead APJ technical sales
Tuned Global launches streaming manipulation detection

Top stories

Ideally raises AUD $13.4m to expand US market research
Commvault expands Flex with Hitachi Vantara & NetApp
Supply chain leaders prioritise sustainability, survey finds
SAP unveils agentic AI tools for manufacturing supply
Why runtime identity is emerging as the next cybersecurity imperative