New Australian Cybersecurity Risk Report finds overconfidence despite potential threats.
Nearly two-thirds of Australian organizations think a potential cyberattack on their organization is likely or very likely in the next 12 months, according to the 2021 Australian Cybersecurity Risk Report, a new report from Varonis Systems, a pioneer in data security and analytics.
For the inaugural study, Varonis analyzed 515 responses from C-level executives and senior managers in decision-making roles. Surveyed companies including small to large businesses across industries that include IT and telecom, financial services, government, manufacturing, professional services, education and healthcare.
Key findings from the 2021 Australian Cybersecurity Risk Report include:
- 82% of Australian organizations rated their ability to protect themselves from a cyberattack as good or very good
- Almost two-thirds (63%) think a potential cyberattack on their organization is likely or very likely in the next 12 months
- Organizations listed data loss or theft as the biggest cybersecurity concern (53%), followed closely by human error (40%) and insider threats (37%)
- Loss of brand reputation was rated the top overall concern by 29% of organizations, followed by loss of intellectual property (24%) and costs associated with a cybersecurity breach (18%)
- Nearly three-quarters (71%) of organizations store sensitive information in Microsoft 365
The report aims to shed light on how Australian organizations are adjusting to modern security challenges, safeguarding sensitive data and mitigating risk from ransomware and insider threats. The report also offers insight into what businesses can do to minimize their risk.
Scott Leach, Vice President of Sales, APAC, at Varonis, said: “Four in five respondents are confident they can defend against an attack – a surprising statistic in light of today’s evolving threats and big ransomware payouts. Executives and board members must put their data first and proactively turn to cyber-resilience – preventing breaches by limiting an organization’s ‘blast radius’ – the potential damage a compromised user or account could do during an attack.”
According to the report: “The high value of sensitive data, combined with the lack of knowledge over where this data is located and who has access to it, makes organizations prize targets for threat actors.”
Varonis recommends organizations take the following proactive steps to improve their security:
- Develop, implement and enforce data management and data access policies
- Provide cybersecurity education for staff to avoid falling victim to phishing and spearphishing attacks
- Focus on reducing the damage attackers can do by limiting your blast radius – the damage attackers can do once inside your environment