Australian organisations would spend an average of just under $166,000 in response to a major cyber event, coming in ‚Äúsignificantly lower‚ÄĚ than the global average of nearly $290,000.
According to findings by Malwarebytes, threats are taken seriously by Australian organisations, ‚Äúbut only to a point‚ÄĚ.
Conducted by Osterman Research, the survey spanned 900 senior IT decision makers across Australia, Germany, the US, UK, and Singapore.
‚ÄúAustralian organisations are less likely than the global average to treat problems like ransomware and phishing as ‚Äėvery serious‚Äô,‚ÄĚ the report stated.
‚ÄúAnd they are much less likely than the global average to consider problems like nation-state attacks and hacktivism as very serious problems.‚ÄĚ
Yet the average security budget for Australian organisations is set to increase.
The average budget was nearly $462,000 for a 2,500-employee organisation in 2017, and will increase by almost 19 per cent in 2018.
That being said, security budgets in Australia are lower than the global average by 14 per cent, and despite increasing, are projected to still be 10 per cent lower in 2018.
Australian organisations spent the least among the nations surveyed on remediating active compromises ‚Äď 7.9 per cent of their 2017 budget ‚Äď significantly lower than the global average of 12.5 per cent.
‚ÄúAs malware and cyber criminal activity advances and becomes more complex, the report highlights a growing need for Australian businesses to revisit how they identify, protect against and remediate malicious cyber activity,‚ÄĚ said Jim Cook, regional director of Australia and New Zealand (A/NZ) at Malwarebytes.
Delving deeper, Cook said Australian organisations experienced fewer security incidents over the past 12 months than the global average, however this may be set to change with the recent data breach notification laws coming into effect.
During the past 12 months, 67 per cent of Australian organisations were impacted by some type of security threat compared to the global average of 73 per cent.
According to findings, Australian organisations suffered an average of only 0.6 ‚Äúmajor‚ÄĚ events during 2017.
Despite this, Australian organisations “suffer their fair share of attacks”, with 67 per cent of Australian organisations surveyed stating they have been impacted by some sort of threat during the previous.
They were also more likely than the global average to experience ransomware infections.
‚ÄúIt is a concern that this report indicates that Australian businesses were more likely to experience ransomware infections than their global counterparts,‚ÄĚ Cook added.
‚ÄúDespite the increased risk facing Australian businesses, our budgets remain the lowest of the nations surveyed.
‚ÄúThis highlights how important it is for cyber security to remain a top priority for Australian organisations, especially as they look to set their business strategies and plans in motion for 2019.‚ÄĚ
Meanwhile, salaries for security professionals in Australia are the highest of the nations surveyed – the average starting salary for an entry-level security professional in Australia is substantially higher than the global average.
Despite this, the prevalence of black hat activity in Australia is similar to the global average of other nations surveyed at 41 percent.
‚ÄúThe current skills shortage combined with a steady stream of attacks against antiquated endpoint protection methods continues to drive up costs for today‚Äôs businesses, with a seemingly larger hit to security departments of mid-market enterprises,‚ÄĚ added Marcin Kleczynski, CEO of Malwarebytes.
‚ÄúOn top of this, we are seeing more instances of the malicious insider causing damage to company productivity, revenue, IP and reputation. We need to up-level the need for proper security financing to the executive and board level.
‚ÄúThis also means updating endpoint security solutions and hiring and rewarding the best and brightest security professionals who manage endpoint protection, detection and remediation solutions.‚ÄĚ