
ISACA’s new State of Cybersecurity research reveals 62% of organisations in ANZ expect a cyberattack within the year

Announcement posted by ISACA 05 Aug 2021

Plus organisations report an increase in cyberattacks over the last twelve months via social engineering, APT and denial of service

Sydney, Australia (5 August 2021) – Findings from the global State of Cybersecurity 2021, Part 2 survey report from ISACA, in partnership with HCL Technologies, show not only that 41% of Australian and New Zealand respondents report an increase in cyberattacks on their organisation during the last year, but also that 62% expect their organisation will experience a cyberattack in the twelve months ahead.

This second part to ISACA’s annual State of Cybersecurity 2021 survey report examines cyber threat landscape trends worldwide, including frequency and type of attacks, confidence in cybersecurity teams and cybersecurity awareness initiatives, nuances related to security operations and reporting structure, and cybermaturity as a business imperative.

Higher number of cyberattacks 

Forty-one percent of respondents in Australia and New Zealand indicate that their enterprises are being attacked more often. The six most frequent types of attack are:

  1. Social engineering – 13% 
  2. Advanced persistent threat (APT) – 12%
  3. Denial of service – 11%
  4. Third party – 10%
  5. Unpatched system – 9% 
  6. Insufficient logging and monitoring – 9%


The global pandemic has presented a range of challenges, including those impacting cybersecurity teams. Almost half the enterprises in the region reported either adopting a Secure Access Service Edge (SASE) model (14%) or Zero Trust security strategy (28%) as a cybersecurity approach because of the pandemic.

“With the increase in the number and rate of cyberattacks worldwide, cybersecurity professionals are facing a challenging threat landscape that requires constant vigilance,” says David Samuelson, ISACA CEO. “These survey findings illustrate just how essential it continues to be for the global cybersecurity community to actively keep up to date with best practices and training, and ensure their teams are well staffed to detect and respond to attacks.”

Cybersecurity team and leadership dynamics

When it comes to cybersecurity teams and leadership in Australia and New Zealand, the report findings revealed no strong differences between the security function having a CISO or CIO at the helm and the following:

  • organisational views on increased or decreased cyberattacks
  • confidence levels related to detecting and responding to cyberthreats
  • perceptions on cybercrime reporting. 

However, it did find that security function ownership is related to differences regarding executive valuation of cyberrisk assessments (79% under CISOs versus 85% under CIOs), board of director prioritisation of cybersecurity (68% under CISOs versus 48% under CIOs) and alignment of cybersecurity strategy with organisational objectives (79% under CISOs versus 60% under CIOs). 

The report also found that artificial intelligence (AI) is fully operational in a third of the security operations of respondents. Seventy-two percent of respondents also revealed they are confident in the ability of their cybersecurity teams to detect and respond to cyberthreats. Additionally, 77% of those answering the survey noted that they believe cybersecurity training and awareness programs have a positive impact. 

“Human factors have always been a prime concern because of the ease of risk it can bring to any environment, and social engineering is the major evidence of it,” says Alejandro Bernal, cybersecurity architect, Neosecure, and member of ISACA’s Emerging Trends Working Group. “Investment in awareness programs is as relevant as deployment of cutting-edge technology to protect your information.”

Cybermaturity assessments valued but present challenges 

The report found that 68% of Australian and New Zealand respondents indicate their enterprises assess their cybermaturity, and those that perform cybermaturity assessments are more likely to have appropriately staffed security teams and report appropriately funded cybersecurity budgets. Respondents that were attentive to security program measurement and maturity are also more than two times more confident in the ability of their organisation to detect and respond to cyberattacks. 

However, respondents indicated that they faced some obstacles in determining cybermaturity, including:

  1. Integrating risk with maturity and keeping up with industry threats (41%)
  2. Difficulty differentiating concept of maturity versus compliance to management (34%)
  3. Having the necessary experience to understand and assess cybermaturity (33%)

Despite these challenges, 81% indicated that their executive leaders see value in conducting cyberrisk assessments; 34% of enterprises perform these assessments annually and 68% of respondents cited regulatory compliance as the primary driver for conducting them. 

“In a complex, constantly changing cybersecurity landscape that is subjecting enterprises to increasingly severe attacks, assessing cybersecurity maturity can play a role in determining whether enterprises have effective security programs,” says Renju Varghese, Fellow & Chief Architect, CyberSecurity & GRC Services, HCL Technologies. “Taking a proactive, risk-based approach to assessments, versus simply meeting compliance requirements, will serve enterprises well in ensuring their cybersecurity goals are met and that they can continue to pivot as needed as the threat landscape shifts.” 

For a complimentary copy of State of Cybersecurity 2021 Part 2 or Part 1, insights from industry leaders and related resources, visit www.isaca.org/state-of-cybersecurity-2021

 


About ISACA

For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.

 

Twitter: www.twitter.com/ISACANews
LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal 
Instagram: www.instagram.com/isacanews

 

Contact:

Karen Keech, karen@establishedmedia.com, 0411 052 408