Local research and advisory firm, ADAPT, has today called for greater support of Australia’s IT & cybersecurity leaders as they combat lagging security awareness in the face of unprecedented cyber threats.
ADAPT’s State of Security report provides insight into the top investment priorities, drivers of cybersecurity initiatives, and challenges faced by IT & security leaders from major Australian organisations responsible for 20% of Australia’s GDP and 5% of the national workforce.
Aparna Sundararajan, Senior Research Strategist at ADAPT, said:
Cybersecurity leaders in 2021 have good reason to be frazzled.
They’re being asked to navigate a network of over 1,200 security vendors, manage thousands of staff not yet sold on the importance of cybersecurity, negotiate budget increases, find the right talent and accommodate fast-moving Government mandates into their security plans, all while dealing with a constantly evolving threat environment.”
The report shows people management was the main concern surrounding the success of cybersecurity initiatives, with executives quoting challenges caused by a lack of in-house security skills (85%), security awareness (83%), budget (82%) and security “fatigue” from teams (74%).
The leading technical challenges named by security leaders included legacy systems and processes (75%), lack of data ownership policies (58%), “shadow IT” (52%) and the management of new endpoints brought on by a distributed workforce (49%).
When asked about the threats security leaders are managing in their organisations, 90% of respondents quoted ransomware as a threat. Phishing attacks (84%), cloud security, identity theft and third-party risks (79%) all ranked highly. State-sponsored cyber warfare was also listed as a growing threat, on the minds of 62% of respondents.
It’s now beyond question that low cybersecurity literacy, not inadequate technology, presents the greatest barrier to robust security in the face of these threats, and security leaders are responding by directing their budgets to awareness programs”.
Of the 20 cybersecurity investment priorities over the next 12 months, awareness training was listed as number one among security leaders, with 43% indicating they will be allocating budgets to improving their teams’ security literacy.
Awareness training taking the top spot comes as little surprise as sophisticated cybercriminals target distributed workforces like never before.
The data shows security leaders are also feeling the squeeze of the skills shortage, with the recruitment of new talent, as well as upskilling being prioritised by 33% of respondents.”
The research shows budgets are growing, with 66% of security leaders receiving greater funding in 2020. Additionally, 72% expect security budgets to increase again in 2022, with 22% of those executives expecting budget increases of 20% or more.
At the moment, 61% of cybersecurity leaders working in Australian organisations with over 2,500 employees meet with their CEO twice a year at most, with 15% never meeting with the CEO.
New funding is encouraging, but we need more executive sponsorship of initiatives to fast-track cybersecurity awareness, only possible through more face-time between security teams and senior leadership”.
Trust has been revealed as the key theme driving cybersecurity initiatives, with respondents reporting ensuring data privacy (95%), prevention of brand damage (94%), prevention of data loss (93%), and maintenance of customer trust (90%) as key drivers. 81% and 77% of respondents also quoted adherence to government and industry regulations as drivers of cybersecurity initiatives, respectively.
Building influence is key
Cybersecurity leaders must focus on enlisting the support of top leadership as they work to secure organisations.
For CISOs, collaborating with the CIO on education initiatives targeted at senior execs can be the spark needed to start a company-wide shift in security thinking, as the C-suite is imbued with the knowledge and urgency needed to drive security conversations into every corner of their organisation.”
For 10 years, ADAPT has connected and equipped Australian and New Zealand executives with the knowledge, relationships, inspiration and tools they need to become more commercially competitive for our collective good, and for that of future generations. For more information, visit www.adapt.com.au.