New Study Finds Australian Employees Most Likely to Violate Organisational Data Policies – Rubrik Zero Labs
Announcement posted by Rubrik 12 Dec 2023
- More Australian security executives reported their employees were 'definitely' accessing data in ways not prescribed in data policy
- Compared to the global average, almost three times as many Australian boards and C-suites only receive data security updates when there is a material issue
- More than half of Australian organisations suffered loss of sensitive data in the past year
- Australian organisations reported the highest instance of suffering multiple data loss events
SYDNEY, Australia, December 12, 2023 - Although data breaches are an international issue, a new cyber report from Rubrik, the Zero Trust Data Security™ Company, finds the challenge is compounded in Australia as employees and business leaders have the highest prevalence of skirting data security policies and best practices.
In its new research report, "The State of Data Security: The Journey to Secure an Uncertain Future", Rubrik Zero Labs provides a timely view into the increasingly commonplace problem of cyber risks and the challenge to secure data across an organisation's expanding surface area. New technologies - from artificial intelligence (AI) to cloud - continue to create countless opportunities for modern cybersecurity threats that capitalise on the explosion of data worldwide, according to more than 1,600 security executives who participated.
Data Risks Surging Down Under
- Significantly more Australian security executives (20%) said people inside their organisations were definitely accessing data in violation of data policies than the global average (11%).
- Almost three times as many Australian boards and C-suites only receive data security updates when there is a material issue (11%) than the global average (4%). Australia also had the lowest instance of these senior decision makers receiving updates at least monthly (4%).
- More than half (58%) of local organisations experienced a loss of sensitive data in the past year. Australian organisations reported the highest instance of multiple data loss events in the same year (31%). Globally, one in five organisations (20%) experienced multiple data loss events.
Antoine Le Tard, Vice President, Rubrik APAC, said after more than 15 years living in Australia he had seen an admirable culture of 'getting it done' among the workforce, but in recent years this increasingly put organisations at greater cyber risk.
"In my experience, Australians go above and beyond to innovate in order to get the best outcome for their customers and the business. This desire to help as quickly as possible and remove friction from the customer relationship can sometimes lead to a liberal interpretation of organisational procedures and policies," Le Tard said. "While their heart is in the right place, we now live in an age in which cyber attackers are constantly looking for any inroads they can find - so it's clear data security policies are a corner that should never be cut."
Le Tard said that while employees contravening data policies was one thing, board and C-suite executives should be more proactive in understanding their data security posture.
"Despite the multiple high-profile data breaches over the past 18 months, our research found more than one in 10 Australian senior decision makers were only receiving updates when a material issue arises - and by then, it's already too late," he said. "The trend globally is for the majority of senior leaders to receive data security updates quarterly or every six months. This is much better practice as it allows any issues to be addressed before they're exploited."
Le Tard added: "On the other side of the coin, in my conversations with CEOs, many feel as though they don't know the right questions to ask of their security teams. Further, the answers they do receive are often highly-technical and difficult to understand for those without a security background."
Findings Highlight Data Growth Outpacing Protection Capabilities
- Australian organisations have 5.7 million sensitive data records, observed on average.
- 88% of Australian IT and security leaders surveyed believe their organisation's current data growth is outpacing their ability to secure this data and manage risk. This is significantly higher than the global average of 66%.
- The most widely reported data types compromised in Australia included account numbers (42%), authentication keys (35%), corporate financial data (35%), and intellectual property (35%).
- The consequences that most concerned Australian security leaders following the loss of sensitive data included operational disruptions (29%), reputational damage (19%), customer loss (18%), and litigation (18%).
- One quarter (25%) of Australian respondents reported their organisation being at 'high risk' of material loss of sensitive data in the next 12 months (72% reported either a 'high' or 'moderate' risk).
"The explosive growth in data is due to increasing use of big data tied to artificial intelligence, the Internet of Things, and the increasingly common use of personal data generated by devices. Furthermore, it is rapidly changing both sides of the cybersecurity battlefront - including the myriad of ways that attacks are carried out and how our systems execute rapid response, from posture management to data security," said Steven Stone, Head of Rubrik Zero Labs. "We see that left unattended, today's data proliferation can cripple businesses. Organisations need to have the right visibility into their data to secure it, with a clear plan for cyber resilience that delivers business continuity."
"The State of Data Security" comes from Rubrik Zero Labs, the company's cybersecurity research unit formed to analyse the global threat landscape, report on emerging data security issues, and give organisations research-backed insights and best practices to secure their data against increasing cyber events.
In its third global study since launching one year ago, Rubrik Zero Labs commissioned Wakefield Research to gather insights from more than 1,600 IT and security leaders — half of which were CIOs and CISOs — across 10 countries. This report is supplemented by a significant increase in Rubrik telemetry to provide an authentic view of organisations' environments and threats they face, looking at more than 5,000 clients across 22 industries.
To learn more about Rubrik Zero Labs' "The State of Data Security" visit https://rubrik.com/zero-labs and register for the virtual Rubrik Zero Labs Summit taking place Thursday, November 16th.
Report Methodology
"The State of Data Security: The Journey to Secure an Uncertain Future" by Rubrik Zero Labs was commissioned by Rubrik and conducted by Wakefield Research among more than 1,600 IT and security decision-makers at companies of 500 or more employees. Respondents were made up of approximately half CIOs and CISOs and half VPs and Directors of IT and Security. The research was conducted in the US, UK, France, Germany, Italy, Netherlands, Japan, Australia, Singapore, and India between June 30, 2023 and July 11, 2023.
The survey supplemented Rubrik telemetry, looking at more than 5,000 clients across 22 industries and 67 countries. The data includes over 35 exabytes of logical storage secured and more than 24 billion sensitive data records from January 2022 through July 2023.
About Rubrik
Rubrik is on a mission to secure the world's data. With Zero Trust Data Security™, we help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.
For more information please visit www.rubrik.com and follow @rubrikInc on X (formerly Twitter) and Rubrik on LinkedIn.