Australian organisations would spend an average of just under $166,000 in response to a major cyber event, coming in “significantly lower” than the global average of nearly $290,000.
According to findings by Malwarebytes, threats are taken seriously by Australian organisations, “but only to a point”.
Conducted by Osterman Research, the survey spanned 900 senior IT decision makers across Australia, Germany, the US, UK, and Singapore.
“Australian organisations are less likely than the global average to treat problems like ransomware and phishing as ‘very serious’,” the report stated.
“And they are much less likely than the global average to consider problems like nation-state attacks and hacktivism as very serious problems.”
Yet the average security budget for Australian organisations is set to increase.
The average budget was nearly $462,000 for a 2,500-employee organisation in 2017, and will increase by almost 19 per cent in 2018.
That being said, security budgets in Australia are lower than the global average by 14 per cent, and despite increasing, are projected to still be 10 per cent lower in 2018.
Australian organisations spent the least among the nations surveyed on remediating active compromises – 7.9 per cent of their 2017 budget – significantly lower than the global average of 12.5 per cent.
“As malware and cyber criminal activity advances and becomes more complex, the report highlights a growing need for Australian businesses to revisit how they identify, protect against and remediate malicious cyber activity,” said Jim Cook, regional director of Australia and New Zealand (A/NZ) at Malwarebytes.
Delving deeper, Cook said Australian organisations experienced fewer security incidents over the past 12 months than the global average, however this may be set to change with the recent data breach notification laws coming into effect.
During the past 12 months, 67 per cent of Australian organisations were impacted by some type of security threat compared to the global average of 73 per cent.
According to findings, Australian organisations suffered an average of only 0.6 “major” events during 2017.
Despite this, Australian organisations "suffer their fair share of attacks", with 67 per cent of Australian organisations surveyed stating they have been impacted by some sort of threat during the previous.
They were also more likely than the global average to experience ransomware infections.
“It is a concern that this report indicates that Australian businesses were more likely to experience ransomware infections than their global counterparts,” Cook added.
“Despite the increased risk facing Australian businesses, our budgets remain the lowest of the nations surveyed.
“This highlights how important it is for cyber security to remain a top priority for Australian organisations, especially as they look to set their business strategies and plans in motion for 2019.”
Meanwhile, salaries for security professionals in Australia are the highest of the nations surveyed - the average starting salary for an entry-level security professional in Australia is substantially higher than the global average.
Despite this, the prevalence of black hat activity in Australia is similar to the global average of other nations surveyed at 41 percent.
“The current skills shortage combined with a steady stream of attacks against antiquated endpoint protection methods continues to drive up costs for today’s businesses, with a seemingly larger hit to security departments of mid-market enterprises,” added Marcin Kleczynski, CEO of Malwarebytes.
“On top of this, we are seeing more instances of the malicious insider causing damage to company productivity, revenue, IP and reputation. We need to up-level the need for proper security financing to the executive and board level.
“This also means updating endpoint security solutions and hiring and rewarding the best and brightest security professionals who manage endpoint protection, detection and remediation solutions.”
