Originally published in Security Brief

Cyber funding is set to surge in light of high-profile breaches, with Australian cybersecurity funding to increase 22%, according to a new study.

Following a survey of Australian Chief Financial Officers, local research and advisory organisation, ADAPT, has released the results of its forward-looking 2023 CFO Edge survey, which outlines the top priorities for heads of finance for the 2023-2024 financial year.

Matt Boon, Senior Research Director at ADAPT, said,

Fast-growing rates of cyber funding come as little surprise given the slew of high-profile data breaches.”

The responsibility of maintaining effective cybersecurity has shifted beyond just the CISO and CIO, and is now the business of the top echelons of company leadership, many of which are employing a cross-departmental approach in the hopes of keeping secure,” he says.


Budget impact of macroeconomic conditions revealed

The study reveals businesses continue to increase spending levels across a range of areas despite macroeconomic challenges.

Cybersecurity and risk management funding is set to receive the greatest increase (22%) over the previous financial year, while digital workplace management (18%), IT (14%), employee wellbeing measures (12%), and governance & compliance measures (10%) are all expected to receive additional support.

Research and Development activity is set to be paused, with respondents claiming a two per cent reduction in planned spend.

While budgets are not being cut, companies are reassessing what is essential and what can wait in light of challenging macroeconomic conditions. Large IT programs are being approached incrementally and re-prioritised towards those that can prove value faster.

Cybersecurity and generally reducing digital friction in the workplace are seen as critical investments needing attention right now, but these issues are not mutually exclusive – improvements in one area will yield benefits across other areas of key investment.


CFOs under great pressure to enable budget-heavy cybersecurity initiatives

Boon considers the predicted 22% rise in cyber spending remarkable, but unsurprising given the heightened threat environment.

“Along with a climate of almost constant data breaches in Australia, CFOs general tendency to be risk-averse has greatly helped IT leaders sell the need for cybersecurity to heads of finance,” he says.

While more funding is great and vendors with security solutions have an important role to play, company leaders need to be reminded that they cant simply buy cybersecurity.

“Further investments into cybersecurity awareness training will not go to waste, nor will any measures taken to prepare a company to respond in the event their systems or data are ultimately accessed by cyber attackers,” he says.


High levels of confidence in cyber measures despite ongoing attacks

According to the survey, 62% of Australian CFOs believe their IT security and resilience measures are effective, while 28% of respondents believe they are average, and 10% of respondents believe their cyber preparedness is poor.

“Given the rate of successful and increasingly high-profile attacks targeting Australian businesses, these self-assessments are perhaps a little too generous,” says Boon.

New cyber undertakings are absolutely necessary, but successful measures to prevent an attack can offer up a false sense of security – recent events show companies often don’t fully understand their cyber readiness, or lack of readiness, until a breach occurs, by which point its often too late.”


CFO involvement in IT decisions continues to grow

The report says 49% of finance departments are now involved in the IT procurement decision making process from start to finish, and 28% of CFOs are tasked with evaluating the business case for new technology, while 10% keep a sole focus on IT from an expenditure standpoint, and 13% of CFOs say IT projects are solely a matter for IT.

Boon believes the growing role of finance in evaluating IT projects is encouraging, but more collaboration between departments is still needed for the greatest impact.

“Whether they like it or not, CFOs are being forced to provide more oversight into these decisions,” he says.

This greater involvement from finance reflects the growing importance of IT in a business, which has now become a significant line-item for companies as they continue to lean into digitisation.”