The state of Cyber Resilience in Australia 2022

Australia has embraced a hybrid work culture following the global pandemic. However, from the start there have been some cybersecurity ‘red flags’ with remote work arrangements. Within months of organisations asking employees to work from home, we saw security teams worried about stopgap measures taken for business continuity reasons; about the rising opportunism of attackers; and about workers’ preparedness to face new or increasing cyber threats.

A lot has happened in the two years since the pandemic began. But what have Australian security teams learned about operating in hybrid and remote work environments? Our new research shows that Australia’s CISOs and security teams were right to be wary of the workfrom- home revolution.

Among other things, the research reveals that when it comes to IT and security for hybrid working, special rules apply for senior (and middle) managers; BYOD (Bring Your Own Device) brings new security challenges; and individuals and teams are having to ‘flex’ beyond reasonable constraints in the name of business continuity and productivity – at the expense of security. Additionally, passwords and IT systems are expected to fill any gaps left by inadequate cybersecurity training.

In this study, we identify and explore the  cybersecurity controls and protections that were ignored, downplayed or side-stepped during the past two years. In addition, we examine what it will take for organisations to improve overall cyber resilience.

Methodology

Barracuda commissioned independent market research firm StollzNow Research to conduct an Australian survey of IT decision-makers and non-IT workers in organisations of at least 50 employees that use a computer for work. There were 504 respondents across all organisational sizes and levels, including about 16% in senior management and 63% in mid-level roles. All states and territories in Australia, except the Northern Territory, are represented. The survey was fielded in May 2022.