SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Australian firms to boost cybersecurity budgets by next year

Fri, 20th Sep 2024

Sophos has released its Cybersecurity Playbook for Partners in Asia Pacific and Japan, which reveals significant findings regarding the cybersecurity preparedness and spending plans of Australian organisations. According to the report, 83% of these organisations are set to increase their cybersecurity budgets over the next 12 months. Additionally, half of the surveyed organisations across the region plan to allocate more funds to Managed Service Providers (MSPs).

The research, conducted in collaboration with Tech Research Asia, highlights that Australian companies are particularly cautious about the cybersecurity track records of their potential partners. Over two-thirds (68%) of organisations stated they were unlikely to engage with partners that have previously been breached or have experienced a security incident. For those who still consider engaging such partners, 60% will stipulate extra performance clauses and specific service level agreements.

"The ongoing prevalence of cyber threats has forced organisations to address a variety of their cybersecurity measures," said Cameron Reid, director, Channel Sales MSP, Sophos Asia Pacific and Japan. "The report found that the top three areas of importance for businesses are strengthening cybersecurity posture around financial operations, improving risk management capabilities, and ensuring cybersecurity is robust enough to support digital transformation programs. Evidently, when businesses invest in new technologies, it is front of mind that this is done in a secure manner to ensure potential attack surfaces are protected."

The introduction and integration of technologies such as artificial intelligence (AI) have led to heightened concerns about AI-augmented cyberattacks. Outside of Australia, these AI-related threats are considered the most daunting. However, in Australia, AI-augmented attacks are still a critical concern, ranking third behind credential theft and phishing/social engineering attacks.

The report disclosed that fewer than three out of ten (28%) Australian organisations believe they have the skills necessary to counter AI-related threats, while only one in ten (10%) have a comprehensive AI and automation strategy in place. To mitigate these skills shortages, 45% of organisations across the APJ region are planning to outsource to partners for support, and 49% aim to enhance in-house skills through partner-supported training and education initiatives.

The demand for MSP support is expected to be particularly strong. Over the next year, 83% of Australian organisations anticipate a cybersecurity budget increase, with half of the organisations in the APJ region intending to invest more in third-party managed security services. This trend aims to consolidate and manage tech stacks, improve security capabilities, and alleviate in-house pressures.

The main areas attracting increased budgets include infrastructure and network security (62%), threat detection and response (61%), application security (56%), identity access management (53%), and incident response and recovery (50%).

Only 20% of surveyed organisations use a single vendor for their cybersecurity needs. By contrast, a third of them (33%) employ three or more vendors. The trend towards multi-vendor environments is predicted to grow over the next 12 months as companies seek flexible and tailored commercial constructs from their partners.

"Since adversarial behaviours are always evolving, it is essential that organisations get the support they need to address all aspects of cybersecurity and continue to consistently evaluate and maintain strong defences against the latest cyberattacks," Reid added. "The research shows companies understand they need help building ongoing cyber resiliency and are looking to partners to fill their in-house gaps. This means MSPs have an opportunity to win and maintain business by presenting their strong technical cybersecurity skills, knowledge of the threat landscape, and an ability to help customers and prospects stay secure so they can focus on their business operations and goals."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X