Australia leads on tackling data breaches but lags on cybersecurity

  • By Christine St Anne

Two separate studies have revealed that Australia is at the forefront of tackling data breaches but are still not fully prepared to address the challenge of cybersecurity. 

A report by CyberArk has found that Australia is a clear leader when it comes to preparedness to comply with global compliance in the event of a data breach. 

Its findings also revealed that 62 per cent businesses say they are completely prepared to comply with Australia’s Data Breach Notification Law – up from 47 per cent in 2018. 

Australian financial organisations are also seem well prepared to comply with global standards.

CyberArk found that 57 per cent of businesses say they are completely prepared for breach notification and investigation in compliance with the GDPR – compared with 46 per cent globally.

Forty nine per cent of organisations also believe they are ready for California’s Consumer Privacy Act which will come into effect in 2020 – compared with 37 per cent globally.

The report also found that France, Australia, the US and Singapore (all at 68 percent) are the leaders in practicing proactive security. 

Another report found that inadequate education, leadership and funding are major barriers to cybersecurity preparedness in Australia, 

The study of 200 business decision makers in Australia by Sophos found that across Australia, the majority (60 per cent) of business decision makers believe lack of security expertise is a challenge for their organisation, with 65 percent observing recruitment of skills to be a struggle. 

This comes down to the set-up of cybersecurity within organisations, which commonly sees IT staff tasked with security in addition to their other responsibilities.
 
The Sophos report also found that there is also a wider corporate cultural issue, relating to attitude and behaviour, impacting corporate cybersecurity. 

In fact, 87 percent of Australian organisations believe the biggest challenge to their security in the next 24 months will be improving cybersecurity awareness and education among employees and leadership.

Thirty four per cent of Australian organisations said they had been breached in the last 12 months – the second highest of all the surveyed countries.

For CyberArk’s Matthew Brazier, financial institutions must look at the threat of cybersecurity as going beyond compliance. 

“The reality is that cybersecurity is an enabler – not a tick box exercise or a roadblock to productivity,” the regional director of the business said.

“As regulatory penalties become more severe, and cyberattacks become increasingly debilitating, electing to pay fines is not a sustainable strategy,” Brazier said.

“Proactively managing and securing the privileged credentials that are fundamental to the operation of critical data and assets is essential. In today’s digital economy, this is the most valuable step security teams can take to support wider business initiatives.”