Research highlights from Datacom’s State of Cybersecurity Index show AI-based attacks are top of mind and senior leaders might be overestimating their organisations’ readiness to recover from cyber incidents.
New research has found security leaders and employees are not on the same page when it comes to their assessment of cybersecurity preparedness and understanding of cybersecurity risks.
Most security leaders (71%) believe employees are adequately informed about cyber risks but only 51% of employees agree, indicating employees may not recognise or know how to respond to a cyber threat accordingly.
The majority of leaders also believe they have adequate resources in place to respond in the event of a cyber attack but just 26% of New Zealand security leaders and 38% of Australian security leaders have a business continuity or resiliency plan in place to respond to a cyber security incident.
Datacom’s State of Cybersecurity Index draws on a TRA survey of more than 200 security leaders and 500 employees across New Zealand and Australia.
The survey also asked respondents about their top cybersecurity concerns: the biggest cybersecurity worry for senior leaders and employees was AI-based attacks, followed by phishing and social engineering scams, the broader security risks posed by growing AI adoption within organisations, and DDoS attacks.
Datacom CISO Collin Penman says while AI is creating new cybersecurity challenges, it can also be harnessed to protect organisations from attacks.
“Respondents are right to be concerned. AI-powered tools have enabled cybercriminals to create highly convincing phishing emails at scale.
“AI-powered botnets can now also modify their own code to evade detection, propagate to other devices without human intervention, and optimise their attacks based on the security response. The advancement of deepfake technology has opened new frontiers for sophisticated social engineering attacks.
“But I believe the pendulum is swinging back towards the light, with the potential for AI-driven cybersecurity tools to level the playing field. AI can be used to detect anomalies in network traffic, identify potential threats before they materialise, and automate incident response processes, allowing security teams to stay one step ahead of attackers. To truly harness the power of AI for cybersecurity, organisations need to invest in the right talent and infrastructure.”
Penman says one of the other important findings from Datacom’s State of Cybersecurity Index research is that the vast majority of employees still see cybersecurity as the remit of the IT team, which has worrying repercussions.
Just over 30% of respondents believed cybersecurity was “everyone’s” responsibility, while the majority identified it as the responsibility of the IT and/or cybersecurity team, or the role of managers and senior leaders.
“We all clearly have work to do within our organisations to get everyone on the same page in understanding the evolving cyber threat landscape, and putting in place the policies, processes and governance to allow people to do their work productively and safely.”
Penman adds that breaches often come down to human error and it is essential that employees understand their role in keeping their organisation safe.
“We also can’t overlook basic cybersecurity hygiene, informed by industry best practice and standards, such as CERT NZ’s Ten Critical Controls and the Australian Government’s Essential Eight.”
Cyber burnout was another issue identified by the research with 61% of New Zealand and 58% of Australian security leaders identifying as having cyber burnout within their security or IT teams, meaning their employees are stressed or constantly under pressure.
Datacom New Zealand managing director Justin Gray says one of the clearest messages coming through from the report is that cybersecurity needs to be the remit of the entire organisation.
“While our senior IT and cybersecurity leaders are the experts, they need the backing of their leadership teams and all of their colleagues to ensure the right security practices are being followed. More work needs to be done to ensure our teams are better informed about cybersecurity threats and the role they play in protecting their organisation.”
To download the full report visit datacom.com.
