When it comes to enterprise cybersecurity maturity, Australia is significantly outpacing most of its peers in the Asia-Pacific region but should not be resting on its laurels any time soon, according to the findings of a new report by IDC.
The report was based on research conducted with more than 860 organisations across the region and 106 organisations in Australia.
‘IDC Security MaturityScape Benchmark: IT Security in Australia, 2017’ indicates that more than half (51.3 per cent) of Australian organisations are at stage two of IDC’s five-stage maturity model. IDC calls this stage ‘Reactive Responders’. While a marked improvement over the first stage, ‘Naive Novice’, it still leaves plenty of room to move through stage three ‘Compliant Companion’ and stage four ‘Proactive Partner’, en route to stage five ‘Predictive Professional’. IDC found that while 10.1 per cent are stuck at stage one, 21.1 per cent are at stage three and 15.1 per cent are at stage four. Only 2.4 per cent of Australian organisations are optimised, having attained stage five.
According to IDC, in an optimised organisation, risk is recognised as an element of the overall business value proposition, resulting in an efficient and effective economics-driven enterprise security strategy. C-suite endorsement is critical to success.
The report found a silver lining in the dark cloud of ransomware that plagued Australia in 2016: Australian companies appreciably increased their security budgets and revamped their security strategy as a direct result.
Admitting that 2016 was a record year for security breaches, Lydie Virollet, market analyst, IT services and cybersecurity, IDC Australia, said these events pushed Australian organisations to increase awareness of their assets, potential risks and how to mitigate them. She emphasised the need to focus beyond downtime and loss of revenue to also develop strategies to minimise damage to brand reputation.
Businesses hit by high-profile cyber attacks faced significant financial losses, legal action, a tarnishing of their brand reputation and a reduction in both customer acquisition and retention.
“Australian organisations do not have the security maturity, nor the skills, to cope with today and tomorrow’s threat landscape. Building strong relationships with trusted providers, carefully selected based on the company’s assets and maturity, will be critical for their survival,” she said.