8th November 2023, Sydney, Australia – Following a survey of 170 Australian Chief Information Security Officers (CISOs) representing organisations responsible for over 18% of Australia’s GDP, local technology research and advisory organisation, ADAPT, has today released the results of its forward-looking 2023 Security Edge survey, which outlines the top priorities for cybersecurity leaders over the next twelve months
Matt Boon, Senior Strategic Research Director at ADAPT, said while a growing appetite for beefed up cybersecurity is clear, many organisations continue to struggle to navigate the internal challenges involved with security transformations:
“It’s taken a very long time for teams to invest in security, but at this point the goalposts have shifted. Measures that used to be effective simply aren’t cutting it against new threats. Leadership gets it – but the next obstacle is to understand what success looks like and work towards it. With the prevention of brand damage now on the mind of 89% of CISOs, companies are willing to do more to remain secure by working across departments – though that’s easier said than done as it’s not always clear how to navigate the issues internally.”
Cybersecurity budget issues re-emerging amid economic uncertainty
When asked about the most significant business issues inhibiting cybersecurity efforts, a full 59% of respondents cited a lack of budget as a key obstacle, as opposed to just 30% of respondents in 2022. The perception of funding as a shortfall, however, has reduced significantly since 2021, when ADAPT revealed 82% of CISOs considered a lack of funding as a barrier to security initiatives.
Matt Boon believes continued economic uncertainty is getting in the way of the budgets needed to remain secure:
“As companies look to optimise costs, there’s much more competition within IT departments for the same pool of cash. Although cybersecurity is enjoying more time in the sun than before, CISOs are still working overtime to make the case for funding of their cause.”
Greater appetite for cyber at the Board level
81% of respondents agreed that their ability to deal with cyber threats has improved over the last 12 months, while 62% of CISOs found it easy to help boards understand the importance of cybersecurity:
“Companies are keen to stay out of the headlines as a result of a cyber breach, particularly as we’ve seen responsibility for high-profile breaches ultimately laid at the feet of the CEO, not the cybersecurity team. This is making the case for proactive cybersecurity measures much stronger in the eyes of company leadership, never bad news for the CISO”.
Overly complex technology stacks hampering cyber efforts
When asked about the main technical reasons preventing more robust cybersecurity, 67% of CISOs reported issues with legacy technology and processes, while a full 50% claimed their technology stacks were too complicated. Matt Boon says the result is hardly surprising, and that a more considered allocation of existing budgets will serve organisations well:
“It’s not always about spending more, but about spending more wisely. Companies dealing with too many solutions which often don’t even guarantee greater security will do well to reframe their cyber strategy, which can include cost-effective security training architectural-style solutions including SaSe and Zero-trust models”.
Rates of cyber training inadequate: ADAPT analyst
While cybersecurity awareness training for employees is the number one investment priority of CISOs, with 45% of respondents expecting to invest in training over the next 12 months, it represents just seven per cent of CISOs overall security budgets. Mr Boon says that given the frequency of cyber breaches caused by human error, security leaders must do what they can to improve spending in the area:
“Organisations are mistaken if they think they can ‘buy’ security without first cultivating a cyber-aware workforce. Given the positive impact a digitally fit workforce can have on a company’s cyber posture, companies should reconsider what they’re spending on tools versus what they’re spending on people.”
About ADAPT
Established in 2010, ADAPT is an Australian specialist IT research and advisory firm supporting a community of over 3,000 executives and key decision-makers in both Australia and New Zealand, who count on ADAPT to empower them to make data-driven decisions designed to improve productivity within their organisations and drive positive change for current and future generations.