IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Australian organisations feel unprepared for IT security threats
Mon, 5th Jul 2021
FYI, this story is more than a year old

Organisations across Australia do not feel confident in their preparedness in the face of an IT security threat, new research has found.

The Fortinet Networking and Cybersecurity Adoption Index, a major research study examining the cybersecurity readiness and approach of Australian organisations, revealed only 29% of respondents felt highly prepared for an IT security threat, and just 36% of businesses said they had complete transparency around risk vulnerability in cybersecurity.

The index produced a score for respondents between zero and 100 with zero being completely unprepared and 100 being extremely well-prepared when it comes to cybersecurity. It incorporated three pillars of success: people; process; and platform.

The index put the overall readiness score of Australian businesses at 73, indicating that there is significant work to be done to prepare Australian businesses for the inevitability of a cyberattack.

Australian organisations obtained a platform score of 75, a people score of 77, and a process score of just 68. While the people and platform scores were relatively strong, Australian businesses must focus on process to improve their overall cybersecurity preparedness.

This was reflected in the in-depth results, which revealed only 29% of respondents felt highly prepared for an IT security threat and 11% were unsure if they were prepared.

Broken down by size, 27% of small companies felt highly prepared while 39% of medium businesses and 48% of large businesses felt prepared.

The report found just 36% of businesses said they had complete transparency around risk vulnerability in cybersecurity, while only 57% said they were successful in aligning their security and business objectives. Only 55% said there were clear responsibilities and security accountability throughout the organisation, and 21% of respondents said they were only minimally or somewhat resourced for IT and data protection, while just one-third said they were highly resourced.

“The threat landscape has never been as complex or fast-moving as it is right now," says Jon McGettigan, regional director Australia, New Zealand, and the Pacific Islands, Fortinet.

"The accelerated and ongoing digital transformation across Australian organisations has led to a greater reliance on technology. While this is powering businesses' recovery from the pandemic, it also creates significant risk, as any cyberattack could have profound consequences," he says.

"Organisations need to understand where they sit in relation to cybersecurity preparedness so they can determine their ongoing strategy."

McGettigan says the Networking and Cybersecurity Adoption Index is a significant undertaking with questions carefully calibrated to dive deep into the heart of what's driving Australian organisations when it comes to cybersecurity.

The report revealed four essential takeaways for Australian businesses looking to better understand their cybersecurity posture:
1. Cybersecurity is considered an all-or-nothing commitment, and any vulnerabilities can put the entire system at risk.
2. Cost, lack of expertise, and the time and effort required are the greatest perceived barriers to cybersecurity success.
3. Remote working opens a new cybersecurity vulnerability for many businesses in the long term, warranting further investment in the coming year.
4. Considerable IT security investments have been made recently and more are planned soon. Lack of decision-making efficiency around IT investment and planning can impede implementation of meaningful and timely improvements.

“Cybersecurity preparedness is about more than just getting the technology right," McGettigan says.

"The Networking and Cybersecurity Adoption Index found that process is the weak link for most organisations; however, there is plenty of room for improvement across all three pillars," he says.

"Importantly, the study highlighted that organisations struggled with the process component, finding it difficult to maintain discipline and staff buy-in when it comes to cybersecurity.