10 interesting findings from the report:
- We are more prepared than ever for cyber-attacks with incident response plans in place at 77 per cent of local businesses
- 34% of Australian respondents review and test their incident response plan monthly as businesses move to an ‘expectation of breach’ mentality
- 48% of Australian businesses experienced a security attack in the past 12 months
- 89% of Australian businesses estimate security breaches went undetected – up 12% since 2018
- This contrasts with 74 per cent of Australian businesses believing they have strong systems in place to verify when an incident has occurred
- 27% of organisations take weeks, months or years on average to detect a security incident or breach
- 84% of Australian organisations spend up to 20% of their overall IT budget on security
- Among the subset of organisations interrupted due to a security breach, 81% of Australian businesses experienced a ransomware incident within the past year; 51% of Australian organisations who experienced ransomware paid the ransom
- 44% of Australian respondents identified C-level executives were ultimately held responsible in the event of a cyber security incident
- Human error or a targeted attack on an employee are cited as the highest risks to IT security by 36 per cent of respondents