Over two-thirds of Aussie CISOs face resource constraints, needing 50% more to ensure cyber resilience
Australia's CISOs face growing cyber threats, AI risks, and resource constraints. ADAPT's Security Edge explored how to modernise for resilience and close key gaps.
How do we keep people and data safe while navigating today’s vulnerabilities and AI-driven opportunities?
In Australia, recent high-profile cyber attacks and evolving legislation are pushing the nation towards a goal of national resilience.
Yet, with dispersed workforces and digital transformation in full swing, we’re asked to do more with less—facing growing complexities and vulnerabilities.
AI is reshaping Australia’s landscape, bringing both opportunities and new risks. While it enables automation and innovation, it also scales threats, making security a critical focus.
But many organisations are hampered by legacy systems, technical debt, and tight budgets. Australia’s enterprises are feeling the strain, balancing operational costs with the need for resilience.
ADAPT’s conversations with over 200 of Australia’s leading CISOs highlighted a shared challenge: a lack of resources. Many reported needing 50% more staff and funding just to meet their goals.
And as we move towards AI-driven solutions, the gap between those ready to leverage AI and those struggling with the basics could define the next decade of competitiveness.
At Security Edge, ADAPT discussed how to close these gaps, simplify security strategies, and modernise for resilience.
We explored solutions together with luminaries from Commscope, DXC, Cricket Australia, and Privacy Code, recognising the pressing need for alignment between resources, executive support, and the immense opportunity that lies ahead with AI.
1. Global CISO Keynote: Making the Most of a Crisis, Risk Reduction, and IT/OT Controls
Presented by: Ahmad Douglas – CISO at CommScope USA
Ahmad Douglas’s keynote was a masterclass in managing cyber crises under intense pressure.
As the CISO at CommScope, Ahmad faced a major ransomware attack shortly after joining, shaking the organisation’s core operations.
This attack not only forced Ahmad to make swift decisions without full incident response plans in place but also shifted his role from a merely operational one to that of a strategic risk manager.
His experience underscored the importance of gaining boardroom consensus and adopting incremental risk reduction strategies.
For Australian CISOs, many of whom are modernising legacy systems while facing budget constraints, Ahmad’s key lessons on IT/OT network segmentation and executive communication are critical.
According to ADAPT research, over two-thirds of CISOs in Australia report lacking the necessary resources to execute their cybersecurity mandates effectively.
Ahmad’s approach of leveraging relationships and building trust with senior leadership offers a pathway for Australian CISOs to secure the funding and support they need.
2. ADAPT Research: Cyber Resilient & AI Ready
Presented by: Gabby Fredkin – Head of Analytics & Insights at ADAPT
Gabby Fredkin presented the latest ADAPT research on cyber resilience and AI readiness, revealing data collected from over 500 surveys of top CIOs, CISOs, and other leaders responsible for over 40% of Australia’s GDP.
The findings highlight a crucial gap: while organisations are working to protect, detect, and respond to incidents, only a small percentage feel prepared to leverage AI effectively.
In fact, over two-thirds (66%) of Australian CISOs believe they lack the necessary resources to deliver a world-class security service, with many estimating they’d need almost 50% more resources to meet growing cyber demands.
The average cyber resilience score of Australian organisations remains around 64%, according to ADAPT, far from the ideal given the growing sophistication of cyber threats.
Gabby emphasised that embedding security early in the system design phase, improving DevSecOps practices, and fostering a proactive cyber culture are key strategies employed by top performers.
For tech vendors, this data presents an opportunity to provide tools that integrate security within development processes and help CISOs align their cyber efforts with AI initiatives.
3. Panel: How to Articulate the Risk, to Get the Support, to Protect and Enable
Panelists: Peter Hind – Principal Research Analyst at ADAPT, Kylie Watson – CISO at DXC Technology, Donald Elliott – CIO at Cricket Australia, Olivia Loadwick – Partner at McKinsey & Company
The panel discussion brought to light the complexities of managing cyber incidents and the challenges of gaining executive support.
Donald Elliott highlighted the importance of framing cyber security as an enabler of business continuity rather than a blocker, especially when communicating with boards and executives.
Kylie Watson added that CISOs must consider the behavioural aspects of security, using tools like nudge theory to influence secure practices across the organisation.
ADAPT data indicates that one of the main barriers to delivering on security goals is a lack of support from executives, as reported by over 50% of surveyed CISOs.
The panel underscored the importance of scenario planning and cross-functional collaboration to ensure that security strategies are well-integrated with business objectives.
Vendors can support CISOs by providing solutions that help communicate cyber risks in business terms and facilitate smoother alignment between security and business teams.
4. The 9 Steps: What a CISO Needs to Know and Measure in Privacy, AI Ethics & Data Governance
Presented by: Michelle Dennedy – Chief Data Strategy Officer at Abaxx Technologies
Michelle Dennedy’s presentation addressed the rising importance of privacy and AI ethics in data governance.
Drawing from her experience at Cisco and McAfee, Michelle outlined a nine-step framework for improving the people, processes, and technology involved in data governance.
She emphasised the critical role security teams play in ensuring compliance, optimising authentication processes, and managing the data impact of AI.
For Australian CISOs, whose organisations are becoming more dependent on AI-driven technologies, the ability to govern data effectively is paramount.
ADAPT’s surveys show that organisations excelling in AI readiness are those with mature data governance frameworks.
As AI continues to introduce new risks—such as deepfakes and phishing attacks—CISOs need to incorporate privacy into their cyber efforts, leveraging metrics that can measure both risk and ethical AI practices.
Tech vendors that offer data governance solutions, particularly those focusing on AI ethics and privacy, will find a strong market among Australian security leaders.
5. The World Class CISO
Presented by: David Gee – CIO, CISO, Board Advisor, NED & Author
David Gee’s session provided insights on what it takes to be a world-class CISO.
With over 25 years of experience across various industries, David emphasised the importance of leadership, collaboration, and continuous learning for aspiring CISOs.
He shared personal stories from his time at HSBC, Macquarie Group, and Credit Union Australia, illustrating the need for CISOs to balance technical skills with strategic oversight and stakeholder management.
ADAPT data supports David’s emphasis on leadership, showing that top-performing organisations invest heavily in leadership development and skill-building.
For tech vendors, this means offering solutions that not only address technical vulnerabilities but also empower CISOs to build stronger teams, communicate effectively with executives, and foster a culture of continuous improvement.
Conclusion
Australian CISOs are navigating a complex landscape of growing cyber threats, resource constraints, and evolving technologies like AI.
ADAPT’s Security Edge event provided crucial insights and practical lessons that can guide both CISOs and the vendors who aim to support them.
From crisis management to AI governance, the key to success lies in aligning security strategies with business objectives, fostering strong leadership, and embedding security into every stage of the organisation’s operations.
Vendors who can offer scalable, integrative solutions that address these priorities will be well-positioned to partner with Australian CISOs in their efforts to protect and enable their organisations.