It took a global pandemic, but enterprises and government agencies in Australia and New Zealand are now rethinking their approach to cybersecurity—taking it seriously for the first time in a while. That's the conclusion of a survey of about 435 people in Australia and about 40 in New Zealand by the Australian arm of the global business services firm BDO and Australia's AusCERT cybersecurity rapid response team. Fewer organisations (55%) now feel confident in managing cyber incidents, down from 62% just a year earlier, the survey found.
The COVID-19 pandemic forced a rapid shift in businesses and governments to convert to digital processes, and not just implement work-from-home. That digitalisation in turn forced more consideration of cybersecurity, especially as Australia had seen multiple waves of ransomware attacks and other cyberattacks in recent years, due mainly to poor security practices and training that cybercriminals were all too happy to exploit. New Zealand had essentially the same issues.
For example, the BDO-AusCERT survey found that 20.8% of businesses were unprepared for secure remote work before the pandemic, and another 11.7% were only partly prepared. Those unprepared and underprepared organisations "experienced four times as many data breaches via the supply chain, four times as many payment-redirection fraud attacks, three times as many business email compromises, and almost three times as many malware infections" after they hastily implemented remote work during the pandemic.
As a result, there's a renewed focus now on cyberresilience, which includes both prevention and remediation. On the prevention side, the Australian government has increased the security budget for both itself and to support businesses, proposed legal changes, and identified possible penalties for those breached. But businesses struggle with the myriad of security practices and standards they are now expected to implement.
Positive trends revealed by the survey include:
- 26% increased the use of mobile device management.
- 25% increased security training.
- 20% increased IT resources.
- 18% more firms reported cybersecurity risks to the board of directors.
- 18% increased the use of security operations centres.
- 18% deployed secure VPN access.
- 17% saw increased security standards' usage.
- 17% increased their cloud security risk assessments.
- 16% increased their incident response teams' capabilities.
- 16% enhanced email security.
- 11% appointed CSOs or CISOs.
The BDO-AusCERT survey's respondents were 45% C-level executives and the rest in various security and auditing roles. By industry, 17% were in the public sector, 14% from professional and technical services, 13% from education and training, 12% from healthcare and social assistance, and 12% from financial services and insurance.