
Australian IT leaders struggle to identify scam emails
New research from KnowBe4 highlights significant challenges faced by Australian IT leaders in distinguishing scam emails from legitimate ones, despite an increase in data breaches over recent years.
The study revealed that over half of the IT leaders surveyed incorrectly identified a legitimate email as a scam or phishing attempt, while only a third correctly identified it as genuine, and 9% were unsure. When shown a phishing email, 44% mistakenly believed it to be legitimate, and 16% admitted they did not know.
Despite these findings, there has been a decline in the number of IT decision makers who view phishing and Business Email Compromise (BEC) as a risk to their organisation, compared with the opinions recorded in 2021, 2022, and 2024. This is of particular concern given a report from Hobson & Co indicating that 68% of data breaches involve human error.
There has been some progress in employee awareness of cyber safety, with 49% of IT decision makers saying their employees understand the business impact of cyber-attacks. This is an increase from 31% in 2024 and slightly better than the figures from 2022 and 2021. Additionally, 41% of IT decision makers said employees report suspicious emails, up from previous years.
Confidence among IT leaders themselves is less robust, with only 38.4% feeling assured of their ability to respond effectively to a data breach. Generative AI is a further concern, with 31.5% of leaders identifying it as a significant threat.
In response to these ongoing threats, Australian IT leaders are investing heavily in cybersecurity: 69% plan to increase their cybersecurity spending in 2025, compared with 59% in 2024. Key areas for investment include new software solutions (62%) and awareness training with up-to-date content (61%). Other investment is directed towards cybersecurity insurance (41%) and policy changes (39%). However, only 26% plan to invest in simulated phishing and social engineering exercises for end users, an improvement on 2024 but still short of 2022 levels.
Dr Martin Kraemer, Security Awareness Advocate at KnowBe4, stressed how critical awareness is among IT leaders, saying, "We are seeing a persistent lack of concern and awareness among IT leaders around the risk posed by phishing and social engineering. IT leaders are feeling increasingly confident that their employees are getting the message around cyber safety, but they may be overestimating their own abilities as a human firewall, or lacking the resources they need to be fully educated and equipped."
He also highlighted the challenge presented by fast-evolving threats such as generative AI and emphasised the need for continued investment in training that accounts for the human element. "Threats like generative AI are also moving at such a pace that makes it hard to keep up. It is very promising to see investment moving upwards, but it is critical that IT leaders and business leaders continue to factor the human element into their training as a first line of defence."