Cyber security is starting to mature in Australian organizations
- Published: Tuesday, 09 May 2017 08:50
IDC recently published the ‘IDC IT Security MaturityScape report for Australia’ - a study on the current state of enterprise security based upon quantitative research of over 862 organizations across the region, and 106 organizations in Australia.
Australia is found to be much more advanced than most of its peers in the Asia Pacific region. The country has recently undergone a strong awareness process, driven by the ‘tsunami of ransomware’ that Australian companies fell victim to in 2016, as well as widely publicized security failures, such as the IBM Census event. Consequently, Australian companies have increased their security budgets and revamped their strategy, in the hope of catching up with their European or American peers.
"2016 has been a record high year when it comes to breaches at both a global and a local level, which is pushing Australian organizations to gain awareness of their assets, the risks they are exposed to, as well as how to mitigate the loss of revenue, brand reputation damage, and downtime deriving from a potential attack", says Lydie Virollet, market analyst for IT Services and Cybersecurity at IDC Australia. "As a result, security has become a key topic in any technology implementation discussion across the country. However, Australian organizations do not have the security maturity, nor the skills, to cope with today's and tomorrow's threat landscape. Building strong relationships with trusted providers, carefully selected based on the company's assets and maturity, will be critical for their survival", continues Lydie.
In addition, the report highlights that over half of the organizations within the country are what IDC calls ‘Reactive Responders’ when it comes to their security architecture, at stage two of the five-stage maturity model.
In a world increasingly reliant on new and evolving technologies, cybersecurity, which used to be considered an insurance approach under the sole responsibility of the CIO, has risen to become an area of increasing concern for boards and CEOs in Australia's public and private sectors.
This is a direct consequence of the several high-profile attacks publicized globally over the past couple of years, as well as the marked increase in attacks within the country itself. The businesses hit by those attacks have faced significant financial losses, legal pursuits, a tarnishing of their brand reputation and a drop in customer acquisition and retention.
The understanding and management of threats is a struggle that most Australian organizations face, and the extremely high fragmentation of the market increases their confusion as to what solutions to adopt to be the most secure.
This concern and struggle do not, however, translate directly into effective action. In some markets in the region, the lack of compelling and enforced legislation leaves the IT security team with the paradox of how to secure the environment when the C-suite is not prepared to fund it or, as so often happens, IT security is considered important, but not important enough to staff or fund sufficiently.