The results of a recent survey analysing the cyber security landscape of Australia and New Zealand are being welcomed by industry experts after they revealed a significant uptick in leader awareness.
The 2018/2019 BDO and AusCERT Cyber Security Survey Report garnered responses from almost 500 SME leaders across a variety of industry sectors, with close to 75% of those based in Australia.
The survey found that by 2020, 84.8% of respondents plan to implement regular cyber security risk assessments, while 86.4% of respondents expect to have a cyber security awareness program in place.
Leon Fouche, national cyber security leader at BDO, said this year’s survey was far more encouraging than previous studies, as it indicated the vast majority of SMEs are now taking meaningful action.
“At BDO, we strongly believe an organisation’s approach to cyber security planning and management is set from the tone at the top,” said Brisbane-based Fouche. “With this in mind, this year’s results are music to our ears!”
Fouche said one of the most encouraging takeaways from the survey was that there has been a genuine uplift in leadership awareness and improved reporting to senior levels.
“It is action like this that allows organisations to strengthen their cyber security resilience,” he said.
Unsurprisingly, Fouche pointed to the changing regulatory landscape – most notably the NDB Act – as a key driver behind the increased awareness.
“These changes have been a valuable mechanism to uplift cyber security maturity and instil a stronger focus on planning,” he said. “With this has come higher spending on cyber security measures and a rise in confidence among respondents regarding their level of preparedness.”
Of course, the survey wasn’t all good news – it also revealed that significantly more work needs to be done to manage the impact of cyber incidents, particularly developing breach response plans and adopting cyber insurance.
“The regulations and leadership support have clearly had a positive impact on helping respondents prevent a cyberattack, but many still appear vulnerable once an attack happens,” says Fouche.
Another interesting trend picked up in the report centres on how cyberattacks are now impacting organisations in different ways – while SMEs are reporting less business disruption, the potential for reputation damage is on the rise.
“Regulatory changes have brought cyber resilience into the public eye and rarely a month goes by without the media reporting on a cyber breach and the impact it’s had on an organisation’s customers,” says Fouche. “Intangible risks like these are challenging to recover from and impossible to insure against.”