Internal challenges curb cybersecurity transformation in Australian firms
In a newly released survey by Australian technology research and advisory firm, ADAPT, it has been indicated that whilst there is a growing demand for stronger cybersecurity, internal challenges related to security transformations remain a significant hurdle for many organisations.
ADAPT's survey polled 170 Australian Chief Information Security Officers (CISOs), whose organisations account for over 18% of Australia's GDP. Their responses highlight the priorities for cybersecurity in the next twelve months.
Matt Boon, Senior Strategic Research Director at ADAPT, said, "It's taken a very long time for teams to invest in security, but at this point the goalposts have shifted. Measures that used to be effective simply aren't cutting it against new threats. Leadership gets it - but the next obstacle is to understand what success looks like and work towards it."
Boon further noted that with the prevention of brand damage on the mind of 89% of CISOs, there is a greater willingness to bolster security by working across departments. However, navigating these internal issues is easier said than done.
The survey sheds light on the re-emergent issue of cybersecurity budget constraints amid economic uncertainty. Fifty-nine percent of respondents cited a lack of budget as a key obstacle in advancing cybersecurity efforts. This is a rise from 30% in 2022, yet is a significant decrease from 2021, when 82% listed funding as a barrier to security initiatives.
Talking about the problem of budgets in the wake of on-going economic uncertainties, Matt Boon said, "As companies look to optimise costs, there's much more competition within IT departments for the same pool of cash. Although cybersecurity is enjoying more time in the sun than before, CISOs are still working overtime to make the case for their cause."
On a positive note, 81% of respondents agreed that their ability to deal with cyber threats has improved over the last 12 months. Furthermore, 62% of CISOs found it easy to make boards understand the importance of cybersecurity, proving that proactive measures are very much on the leadership's agenda.
However, the issue of overly complex technology systems is hampering efforts for more robust cybersecurity measures. When asked about the main technical issues, 67% of CISOs reported legacy technology and processes as a problem, with 50% stating their technology stacks were too complicated.
Commenting on this finding, Boon suggested that it's not just about spending more, but spending wisely. He explained, "Companies dealing with too many solutions will do well to reframe their cyber strategy, which can include cost-effective solutions including SaSe and Zero-trust models."
Interestingly, the survey also revealed that cybersecurity awareness training isn't receiving as much investment as it should. Forty-five percent of respondents expect to invest in training over the next 12 months, but this only represents seven per cent of their overall security budgets.
Mr Boon stated that a digitally fit workforce could significantly improve a company's cyber posture. He advised that, "Companies should reconsider what they're spending on tools versus what they're spending on their people's training."