According to a new Accenture report, Australian businesses are boosting their cyber security budgets.
Accenture's State of Cybersecurity Resilience report gathered insight from over 4,400 executives globally and collected a variety of data about companies cyber safety spending and habits.
With the growing number of cyber threats increasing across the Australian tech landscape, businesses were found to be mobilising security resources, with eight in ten large Australian companies (84%) revealed to have increased spending on technology initiatives.
Although there was a reported increase in spending, companies still said they were struggling, with four in five respondents (81%) saying that "staying ahead of attackers" is a constant battle and the costs are unsustainable.
This is said to show a lack of alignment between business strategy and investment, with a lack of forward planning and struggle to keep up with new threats.
The companies that showed a large amount of cyber resilience generally returned better investment results, as they viewed security measures in a fundamentally crucial way.
Much of the positive reporting came from effective communications and relationships, with the highest performing CISOs maintaining a close relationship and direct reporting line to the CFO, the CEO, and the board of directors.
This proximity resulted in increased trust, autonomy, and the ability to tap into these relationships when developing a broader security strategy and ensuring alignment with the business.
"When it comes to managing cyber risks, organisations can't afford to lean one way or the other," says Accenture cyber defence lead AAPAC Mark Sayer.
"To achieve sustained and measurable cyber resilience, chief information security officers need to move away from security-focused silos so they can collaborate with the right executives in their organisation to gain a 360-degree view of the business risks and priorities."
Sayer also says that an increase in spending doesn't always result in positive results, and it's how the money is used and how companies react that makes the difference.
"Spending more on cyber security without being closely aligned to the business doesn't make your organisation safer.
"Our research shows that companies that consistently perform the strongest against cyber threats view cyber attacks not as a risk, but as an ongoing threat to their operations. They adopt a holistic approach to cyber security."
At a global level, the study found that more than half (55%) of large companies are not effectively stopping cyber attacks, finding and fixing breaches quickly, or reducing the impact of breaches. Sayer says to curb risk, businesses should always make compliance a top intergenerational priority.
"Companies that tend to take a compliance-led approach don't seem to fair as well when confronted with real cyber attacks. Compliance should be viewed as a product of sound security risk management, not the other way around."