Australian businesses are unprepared for cybersecurity threats, report finds

Businesses are struggling to hire and keep cybersecurity professionals, and many companies complicate it all by using too many security tools, a report has found.

The 2019 IBM study on the Cyber Resilient Organisation, which surveyed 3655 security professionals worldwide, found organisations needed to focus on hiring skilled personnel, and improving processes and technologies.

Only 30 per cent of global respondents reported that their cybersecurity staffing is sufficient for a high level of cyber resilience, while 75 per cent of respondents rated their difficulty in hiring and retaining skilled cybersecurity personnel as moderately high to high.

The study, conducted by Ponemon Institute and sponsored by IBM, found almost four in five Australian respondents didn’t have a cybersecurity incident response plan they could apply consistently across their organisation.

IBM said that of those that do have plans, more than half don’t test them, leaving them less prepared than they believe they are.

“Failing to plan is a plan to fail when it comes to responding to a cybersecurity incident,” said IBM VP of Product Management and Resilient Co-Founder, Ted Julian, in a statement.

“These plans need to be stress tested regularly and need full support from the board to invest in the necessary people, processes and technologies to sustain such a program.”

The report found that one in two organisations surveyed had experienced a data breach, a figure that was higher in organisations “that do not use automation extensively”.

The finding was similar for data breaches that saw the loss or theft of more than 1,000 records, with 55 per cent of organisations overall reporting one.

73 per cent of respondents in high automation organisations had more than one cybersecurity incident in the past two years, but 79 per cent of respondents in the overall sample had more than one cybersecurity incident.

Businesses are now required to report serious cybersecurity breaches to the Office of the Australian Information Commissioner after a 2016 amendment to the Privacy Act.

In 2017-2018, the OAIC received 305 reports, up from 114 in 2016-2017. In the last quarter of 2018 alone, 262 notifications were received, of which 33 per cent were due to human error and 64 per cent were the result of malicious or criminal attacks.

The most commonly breached areas of information were contact information, followed by financial details, identity and health information, and tax file numbers.
