New KnowBe4 research finds only three in ten Australian IT decision makers believe the employees in their organisations understand the impact of their businesses falling victim to a cyber attack
Data breaches have continued to hit the headlines over the last two years, but they seem to be having little impact on how IT decision makers view the cyber risks to their organisations.
According to new research from KnowBe4, 71% of IT security decision makers are not confident of the steps they would need to take following a cyber incident or a data breach.
Similarly, just three in ten Australian IT decision makers believe the employees in their organisations understand the business impact of their businesses falling victim to a cyber attack (31% - down from 42% in 2022 and 40% in 2021), are confident their employees can identify phishing and BEC emails (30% - down from 38% in 2022 and 42% in 2021), and believe that their employees report all emails they consider suspicious (34% - down from 38% in 2022 and 39% in 2021).
David Bochsler, VP of sales for APAC at KnowBe4, is worried: “It’s both surprising and hugely concerning that after the large-scale data breaches we’ve seen in recent years that the majority of Australian IT professionals are failing to understand the cyber risks their organisations face. The lack of awareness Australian organisations still have from both IT decision-makers and their employees can be detrimental to both business operations and company reputation. With that in mind, it’s key for Australian organisations to prepare themselves for the steps they need to take following an incident.”
Cybersecurity software the most popular investment
Those who are planning to spend money on cybersecurity in 2024 are most likely to be investing in new cybersecurity software (46% - down from 59% in 2022 and 68% in 2021), followed by a cybersecurity awareness training program (40% - down from 47% in 2022 and 55% in 2021).
Other areas of investment include employee policy changes related to cybersecurity (29% - down from 43% in 2022 and 38% in 2021), cybersecurity insurance (29% - down from 45% in 2022 and 34% in 2021), and simulated phishing and social engineering for end users (21% - down from 32% in 2022 and 30% in 2021).
The important thing for organisations to remember, Bochsler advises, is that there is no one-stop solution for cyber protection. “Rather than relying on one or even multiple offerings, there should be a comprehensive security programme in place to address the most prevalent threats to the organisation. Investments in security should cover elevating the security culture of an organisation to help everyone understand their role in helping to enhance overall security.”
For more information on KnowBe4, visit www.knowbe4.com.
Research methodology:
This study was conducted online between the 4th and 10th of January 2024. The sample comprised 216 Australian IT decision makers across industries. YouGov designed the questionnaire. The data is unweighted.
About KnowBe4
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 65,000 organisations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. The late Kevin Mitnick, who was an internationally recognised cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Organisations rely on KnowBe4 to mobilise their end users as their last line of defence and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.