The Annual Cisco 2019 Asia Pacific Chief Information Security Officer (CISO) Benchmark Study, which compares 11 countries and their cybersecurity standing, reveals that data breaches are costing Australian businesses more than any other country. The study which interviewed almost 2,000 security professionals.
Downtime is a Detriment to Profits and Productivity
Longer downtime is one of the key factors identified in the study that is resulting in higher financial costs to businesses. The study looked into the effect and costs of outages on Australian businesses and found that 75 per cent of Australian organisations experienced an outage of 5-16 hours. This is longer than the global average of 43 per cent. A massive 84 per cent of Australian businesses also reported their most severe breach cost them over $1 million, higher than any other country in the APJC region of the report.
With the number of cyber threats increasing rapidly, the real challenge for Australian businesses is how they can best prepare and invest to fight the increase in daily alerts and prevent monetary loss.
False Alerts Impacting Prevention Productivity
69 per cent of Australian organisations reported receiving more than 100,000 alerts every single day, more than double last year’s figure, and of these, the majority are being identified as false. Last year, 65 per cent of investigated alerts were legitimate, now only 33 per cent are, highlighting the increase of false alerts.
False alerts are also having a negative impact on fighting legitimate upcoming threats, with the number of real cybersecurity incidents that have been resolved down by 31 per cent, from 69 per cent that was recorded in 2018.
Australia’s Increasing Cybersecurity Fatigue
The sheer number of incoming threats is having a drastic impact on Cybersecurity Fatigue, with the study finding that Australian businesses are experiencing a higher level of fatigue at 65 per cent in comparison to the global average 30 per cent.
Cybersecurity Fatigue is defined in the report as virtually having given up on proactively defending against threats due to the rapid evolution of attacks. Hackers are no longer just targeting IT infrastructure, but have started to attack operational infrastructure, intensifying the challenge for companies. In Asia Pacific, 25 per cent of respondents have already experienced an attack on their operational infrastructure (versus 21 per cent globally), and 73 per cent expect this trend to increase in the next year (versus 64 per cent globally).
Shortage of Skilled Professionals
Cybersecurity adoption is also highlighted as a key issue in the study. Budget constraints were reported as the top obstacle for the first time (37 per cent), followed by organisational culture/attitude about cybersecurity (32 per cent) and competing priorities (30 per cent). Last year’s top challenges of certification (33 per cent), organisational culture (30 per cent) and competing priorities (28 per cent). However, Australia is making great strides when investing in people and teams rather than just technology. They are relatively confident in their security tools’ ability to deal with adapting threats.
Commenting on the findings of the study, Cisco Australia and New Zealand’s Director, Cybersecurity, Steve Moros, says, “Businesses are now facing challenges from all sides – it is a constant battle. Our report shows that data breaches and attacks are increasingly costing businesses and they are having to fight constant levels of attacks and in turn suffer cyber fatigue where they don’t have the resources, either in people or time, to proactively protect their business.”
“It is clear that investing in people and skills is the best way forward to alleviate cyber fatigue and increase proactive cybersecurity, particularly around identifying false threat quickly to focus on the high-risk threats. There is no doubt that as we move into a more digital open playing field these threats will increase, but by investing in upskilling in cybersecurity and working with security partners we can all fortify our cybersecurity workforce for the better.”
“What we can see is that CISOs struggle with user behaviour, and a Zero Trust approach can help minimise the impact of that. This helps organisations to protect users and their devices against stolen credentials, phishing and other identity-based attacks, manage multi-cloud environments and contain lateral movement across the network, and gain insight into users and devices, identify threats and maintain control across all connections in the network.”
“Another aspect is creating a cybersecurity resilience plan so all employees are aware of the risks, their role and how to react in a data breach. Finally, educating board members on what data breaches could look like, the monetary impact and also how the business can prepare and invest, will help to unlock further budget for investment into cybersecurity so the above can be achieved.”