63% of Australian Organizations Expect to Face a Cyberattack Within a Year

Nearly two-thirds of Australian organisations think a potential cyberattack on their organization is likely or very likely in the next 12 months, according to the 2021 Australian Cybersecurity Risk Report, a new report from Varonis Systems.

For the inaugural study, Varonis analysed 515 responses from C-level executives and senior managers in decision-making roles. Surveyed companies include small to large businesses across industries that include IT and telecom, financial services, government, manufacturing, professional services, education, and healthcare.

Key findings from the 2021 Australian Cybersecurity Risk Report include:

- 82% of Australian organizations rated their ability to protect themselves from a cyberattack as good or very good.

- Almost two-thirds (63%) think a potential cyberattack on their organization is likely or very likely in the next 12 months.

- Organizations listed data loss or theft as the biggest cybersecurity concern (53%), followed closely by human error (40%) and insider threats (37%).

- Loss of brand reputation was rated the top overall concern by 29% of organizations, followed by loss of intellectual property (24%) and costs associated with a cybersecurity breach (18%).

- Nearly three-quarters (71%) of organizations store sensitive information in Microsoft 365.

The report aims to shed light on how Australian organizations are adjusting to modern security challenges, safeguarding sensitive data, and mitigating risk from ransomware and insider threats. The report also offers insight into what businesses can do to minimize their risk.

Scott Leach, Vice President of Sales, APAC, at Varonis, says, “Four in five respondents are confident they can defend against an attack – a surprising statistic in light of today’s evolving threats and big ransomware payouts. Executives and board members must put their data first and proactively turn to cyber resilience – preventing breaches by limiting an organization’s ‘blast radius’ – the potential damage a compromised user or account could do during an attack.”

According to the report, “The high value of sensitive data, combined with the lack of knowledge over where this data is located and who has access to it, makes organizations prize targets for threat actors.”

Varonis recommends organizations take the following proactive steps to improve their security:

  • Develop, implement and enforce data management and data access policies.
  • Provide cybersecurity education for staff to avoid falling victim to phishing and spearphishing attacks.
  • Focus on reducing the damage attackers can do by limiting your blast radius – the damage attackers can do once inside your environment.

Read the 2021 Australian Cybersecurity Risk Report.