What does it take to accelerate Australia’s cyber resilience and AI readiness?

Gabby Fredkin, Head of Analytics & Insights at ADAPT, reveals why many Australian organisations are struggling to keep pace with modernisation, AI threats, and cyber security expectations in his Security Edge presentation.

Based on insights from over 1,000 local surveys of regional Heads of IT, Digital and Finance, the presentation reveals the pace and complexity of change facing cyber security professionals today.

One of the top themes is the challenge of balancing rapid business growth with cyber security readiness.

As organisations expand, whether through revenue, products or headcount, initiatives such as Identity and Access Management (IAM) and governance become essential.

This is particularly true for those scaling quickly, where the ability to verify identity and manage data access is critical.

However, many respondents report difficulty securing sufficient resources and funding to keep risk aligned with business growth targets.

The second key theme centres on the dual forces of AI adoption and cloud modernisation.

While 70% of CIOs are now actively investing in generative AI, up from 50% in August 2023, spending still represents only around 4% of overall IT budgets (compared to 13% for cyber security).

This modernisation tug of war is further complicated by the drag of legacy systems and behavioural resistance to change.

Gabby draws a distinction between “AI stickers” (basic, embedded features) and “AI hammers” (bespoke AI solutions tackling specific business problems).

Organisations making effective use of the AI hammer, such as using large language models for threat triage, are seeing significant gains in mean time to detect and respond, as well as reduced security fatigue.

Lastly, maintaining governance and compliance is a persistent challenge.

Respondents highlight ongoing efforts to meet frameworks like ISO and the Essential Eight, often in the face of limited business support.

For many, these standards become crucial artefacts to demonstrate progress and win internal backing.

Meanwhile, readiness to defend against AI threats remains low, with average self-assessment scores of just 4.1 out of 10.

Gabby notes that AI has significantly scaled existing threats such as phishing, enabling more targeted and widespread attacks.

For CISOs and CIOs, this underscores the need to think critically about safe AI implementation and to reference robust frameworks like OWASP’s top ten AI security considerations as they navigate this evolving risk environment.

Key takeaways:

• AI investment is accelerating but unevenly resourced: 70% of CIOs are now investing in generative AI (up from 50% in 2023), yet it only accounts for 4% of IT budgets, compared to 13% for cyber security. Scaling from proof of concept to deployment remains costly and complex.
• Cyber security is being tested by rapid business growth: As organisations expand, particularly in revenue, products and workforce, identity governance and access controls become essential. Many teams report being underfunded and under-resourced to match the pace of business.
• Legacy systems and AI risks are hindering modernisation: While cloud and AI enable advanced security models like zero trust, progress is often slowed by legacy tech and human resistance. Defensiveness against AI-driven threats remains low, with a self-rated average of 4.1 out of 10.