Trend Micro study reveals cybersecurity gaps in Australia
Cyber security firm Trend Micro has published new research revealing significant gaps in cybersecurity among Australian organisations, highlighting issues such as inadequate staffing and insufficient board accountability.
The research indicates that only 37% of the organisations surveyed have the necessary staffing to provide round-the-clock cybersecurity coverage, a figure that suggests considerable vulnerabilities remain unaddressed. Furthermore, only 37% of the surveyed organisations utilise attack surface management techniques to gauge risk, and a mere 38% follow established frameworks like the NIST Cybersecurity Framework.
Srujan Talakokkula, Managing Director, ANZ Commercial at Trend Micro, commented on the findings, stating, "This study reveals Australia has a lack of clear leadership on cybersecurity, which can have a paralysing effect on an organisation—leading to reactive, piecemeal and erratic decision making.
"One of the most concerning aspects is the lack of accountability from business leadership, and a lot of that comes down to collaboration and communication across the business," he said.
Talakokkula said companies need CISOs to clearly communicate in terms of business risk to engage their boards.
"Ideally, they should have a single source of truth across the attack surface from which to share updates with the board, continually monitor risk, and automatically remediate issues for enhanced cyber-resilience," he said.
The survey, which gathered insights from 100 Australian IT leaders, revealed that the major gaps in cyber-resilience are primarily due to insufficient staffing levels for comprehensive cybersecurity coverage, lack of attack surface management practices, and limited use of cyber frameworks. These represent critical areas where organisational improvements are required.
According to the research, a significant issue identified is the perception of responsibility within organisations. A striking 37% of respondents claimed there is a disconnect at the leadership level, with cybersecurity not being deemed a crucial responsibility. Additionally, almost one-third of responses indicated that IT teams are viewed as chiefly responsible for mitigating business risk, demonstrating a widespread ambiguity in responsibility assignments.
The inconsistency in how organisations approach cyber risk is another concern, with 47% of global respondents indicating that their organisation's attitude towards cyber risk fluctuates regularly. This variable approach can lead to vulnerabilities being exploited, Trend Micro said.
Many organisations also expressed concerns about their ability to manage their attack surface effectively. Ninety-four percent of respondents are worried about their attack surface, while one-third are concerned about identifying and mitigating high-risk areas. Moreover, nearly a quarter of those surveyed lack a "single source of truth" to manage and monitor these risks.