With the latest influx of cyber breaches and malware attacks, organisations across the globe are experiencing a challenging IT landscape. This study on Cybersecurity and PII, commissioned by ManageEngine, explores 'cyber resilience' amongst organisations across Australia and New Zealand (ANZ).
We surveyed 300 professionals working in IT and in other business functions. Respondents included 250 decision-makers across IT and cybersecurity who were surveyed in Australia, and 50 in New Zealand.
Of 73% of the respondents working in a hybrid model—some worked days remotely with other days worked in the office.
More than four in five organisations (81%) have staff working from home, out of which 75% agree that maintaining a secure work environment is more challenging when employees are working from home or anywhere.
The top three concerns respondents have about cybersecurity, and employees working from home are:
Unsecured Wi-Fi networks
Risks due to personal devices and personal use of corporate devices
Phishing attacks
Of the respondents, 63% said that they are not aware of, or don’t know about the Essential Eight framework.
Out of the 63% responding, 43%are working in C-suite or senior management roles, and
35%cite cybersecurity as their primary role.
Out of the 55% who are familiar with the term cyber resilience, 76% of respondents said their organisation has a cyber resilience policy, and 24% of IT decision-makers said their organisation didn’t have a cyber resilience policy, or they didn’t know if it had one.
Of the 82% of respondents whose specific role is cybersecurity that were aware of cyber resilience, 88% of this group said their organisation has a cyber resilience policy.
Out of 55% who are familiar with cyber resilience, 51% of respondents said less than 24 hours is defined as 'return to normal' in their cyber resilience plan/strategy.
Of the respondents, 74% said their organisation has not paid a ransom to recover data, 10% say they have paid a ransom.
The top three concerns implemented in most organisations are:
Cyber awareness and training
62%
Cyber risk and threat management
58%
Incident response and recovery plan
52%
Out of the 58%
of respondents who can comment on PII management:
In terms of PII stored, 70% of these organisations have information on current customers, and 66% have information on current employees. Additionally, 55% have information on past customers, 41% have information on past employees, and 37% have information on potential customers.
Today,
of organisations have a data retention policy.
Only 57% of organisations have reviewed management of personally identifiable information (PII) in the last 12 months, out of which 63% claim recent major data breaches are the major or compelling reason for their organisation to review the management of PII, and 44% say their policies changed as a result of the review.
Of the 12% who have had a data breach in the last 12 months, 84% of respondents experienced between one and five data breaches over the past 12 months, with 51% of these respondents' breaches involving PII violations.
Of the 78% who are aware of major data breaches in other organisations, 26% said they hadn’t modified cybersecurity practices due to breaches in other organisations, and 22% said they weren’t aware of recent major cybersecurity breaches occurring in Q3 2023.
Of the 47% who were aware of major data breaches and could comment on PII, 54% said the management of PII has not changed.
Of the 73% of organisations that experienced a breach over the last 12 months, respondents said it takes them less than 24 hours after critical systems are taken offline, or impacted in a cyberattack, to recover and restore operations.
In light of the recent high-profile breaches, this survey has tested the knowledge and readiness of ANZ organizations with regards to cyber resiliency and security. Responses from the research participants determined these findings:
Prepare your organisation for the digital workplace of the future.
