False sense of confidence leaves organisations vulnerable to cyber threats.
ExtraHop’s third annual Global Cyber Confidence Index finds Australian organisations generally ill-equipped to manage and mitigate their cyber risk following a significant increase in ransomware attacks and cybersecurity incident downtime.
Although an overwhelming majority (91%) of IT and cybersecurity decision makers said they are confident in their organisations’ ability to manage cyber risk, most acknowledged that they are frequently the victim of ongoing threats and falling behind when it comes to identifying and remediating threats.
Key insights from the report include:
Cyberattackers are raking in ransomware payments
Fifteen per cent of Australian respondents deemed ransomware the biggest risk to their organisation with 82% saying they experienced six or more ransomware incidents in 2023.
Of those surveyed, more than three in four (77%) experiencing a ransomware attack paid up in 2023 – compared to 82% in 2023 and 72% in 2022.
On average, the research found ransomware payments alone cost nearly $1.3 million per organisation in the last year – before adding in the unrealized costs associated with remediation.
Downtime is draining organisations of their time and money
Australian respondents said they averaged 62 hours of downtime following a security incident last year. Organisations with 1,000-1,999 employees experienced the most downtime at nearly 74 hours on average per incident.
Organisations are putting their faith in AI
Australian organisations are overwhelmed by a multitude of barriers holding them back from effectively managing cyber risk, citing immature risk management processes (24%), a lack of alignment between the cybersecurity organisation and the business (18%), insufficient personnel resources (18%), the inability to catch up in a fast-paced industry (17%), outdated technology (14%) and insufficient budget (9%).
More than a third (37%) of respondents agree using AI and Machine Learning to help manage and mitigate cyber risk is a top priority for their organisation.
Organisations are investing in business resilience
Nearly half (48%) of Australian respondents say they need more than a 50% budget increase to effectively manage and mitigate cyber risk.
Security technology adoption is growing, though only around a third of respondents currently have deployed or plan to deploy any individual solution.
The most popular solution was extended detection and response (XDR).
Network detection and response (NDR) was recognized in the report as an ‘essential investment’ for organisations planning to implement a range of solutions.
“Cyber risks are inevitable and no single organisation is immune to the threat bad actors pose to their business,” said Raja Mukerji, co-founder and Chief Scientist, ExtraHop. “With ransomware and downtime on the rise and ripple effects being felt throughout entire organisations, leaders are recognising an inherent need to prioritise cybersecurity and business resilience.”