With a 64% average cyber resilience score, Aussie organisations push for greater protection against emerging threats

Gabby Fredkin, Head of Analytics & Insights at ADAPT, presents an insightful narrative on cyber resilience and business resilience at Security Edge.

Based on a variety of surveys, Gabby discusses the steps top-performing organisations take to become cyber resilient, which includes protecting, detecting, and responding to incidents as per NIST standards.

Despite an average resilience score of 64%, the ever-changing external and internal landscapes mean there is no 100% resilience; it’s an ongoing journey.

Board members have shifted their mindset toward a more continuous, nuanced approach to cyber resilience as they face growing personal accountability for cyber attacks, while organisations grapple with challenges such as funding shortages and legacy system risks.

Top-performing organisations excel by leveraging data-driven security insights, which enhance threat detection, reduce false positives, and promote productivity.

They embed security early in the system design phase, integrating it into modernisation journeys and improving DevSecOps practices.

These organisations are proactive in developing internal skills and securing employee retention by creating structured skill-development roadmaps.

Gabby highlights that fundamental practices, such as Australia’s Essential Eight, are critical for organisations to avoid and contain breaches.

Furthermore, fostering a proactive cyber culture, exemplified by behaviours like reporting phishing attempts, is essential for aligning cyber and business resilience.

As AI becomes more integral to organisations, security and risk play pivotal roles in governance and readiness.

Gabby notes that only a small percentage of organisations feel prepared to harness AI effectively, with mature data governance and information architecture being key differentiators.

AI readiness involves understanding and managing the risks of AI-driven cyber threats, like deepfakes and phishing attacks.

Gabby emphasises that collaboration between data and security teams is vital to securing data and improving productivity, as organisations progress in AI and prepare for future challenges like quantum computing.

Despite these concerns, progress in AI maturity and proactive security measures brings hope, as more organisations advance in aligning cyber and business resilience.

Key takeaways:

• Cyber resilience is an ongoing journey: Organisations are continuously working to protect, detect, and respond to cyber incidents, but due to the rapidly changing threat landscape, achieving 100% resilience is unrealistic. Top performers focus on embedding security early in system design and leveraging data-driven insights to improve security measures and operational resilience.
• Proactive cyber culture is essential for resilience: Fostering a proactive mindset, where employees actively report threats like phishing attempts rather than just avoiding them, strengthens both cyber and business resilience. Engaging teams and leadership at all levels helps organisations better manage risks and align security strategies with business goals.
• AI readiness depends on strong data governance: Organisations that excel in data governance, information architecture, and data democratisation are better prepared to harness AI productively. As AI-driven threats become more sophisticated, collaboration between data and security teams is crucial to safeguard against emerging risks while maximising AI’s value.