Australian firms hindered by internal comms in tackling cyber threats
A survey commissioned by unified observability and security leader Dynatrace has revealed internal communication barriers as a significant issue affecting Australian organisations' ability to counter cybersecurity threats. The study, titled "The state of application security in 2024", found that a lack of alignment between security teams and the C-suite is impeding the understanding of cyber risk, leaving organisations more susceptible to advanced cyber threats, particularly at a time when AI-driven attacks are on the rise.
The findings indicate that Chief Information Security Officers (CISOs) struggle to facilitate communication between the security team and senior executives. Remarkably, 89% of CISOs report that application security is not comprehensively understood at the CEO and board level. A technical language barrier further exacerbates this issue; seven out of ten C-suite leaders interviewed stated that security teams often communicate in technical jargon, devoid of business context.
A staggering 76% of CISOs believe that the issue is fundamentally rooted in the inability of security tools to generate insights that C-level executives and boards of directors can use to understand business risks and prevent threats. These misalignments are of considerable concern given the rise in AI-driven attacks and cyber threats that drastically increase business risk. Amidst these conditions, nearly 72% of CISOs confirmed that their organisation had experienced an application security incident in the past two years.
Commenting on the worrying state of cyber risk comprehension, Bernd Greifeneder, Chief Technology Officer at Dynatrace, remarked, "Cybersecurity incidents can have devastating consequences for organisations and their customers, so the issue has rightfully become a critical board-level concern. CISOs urgently need to find a way to overcome this barrier and create a culture of shared responsibility for cybersecurity. This will be critical to improving their ability to respond effectively to security incidents and minimise their risk exposure."
The survey further highlighted that the rise of AI exposes organisations to added risk. CISOs voiced concerns about AI's potential to enable cybercriminals to produce new exploits more quickly and on a broader scale (52%), and about AI helping developers accelerate software delivery with little oversight, leading to more vulnerabilities (45%). To manage these risks, 85% of CISOs indicated that DevSecOps automation is gaining importance for them. A further 87% of CISOs perceived DevSecOps automation to be crucial for their ability to keep up with emerging regulations.
Greifeneder adds, "Organisations urgently need to modernise their security tools and practices to protect their applications and data from modern, advanced cyber threats. The most effective approaches will be built on a unified platform that drives mature DevSecOps automation and harnesses AI to deal with distributed data at any scale."
The report is based on a global survey of 1,300 CISOs, including 100 Australian CISOs, plus interviews with ten CEOs and CFOs in enterprises with more than 1,000 employees. The survey, conducted by Coleman Parkes, took place between March and April 2024.