A recent survey by cybersecurity firm LogRhythm revealed that businesses in Australia and New Zealand have major concerns about their cybersecurity strategies, with four in 10 companies in the region having lost business in the past 18 months due to customers' lack of confidence in their cybersecurity measures. Despite 81% of security executives rating their companies' cybersecurity defenses as “good” or “excellent,” the survey revealed a significant disconnect between internal perceptions and customer trust.
The report, titled “The State of Security Teams 2024: Adapting to Constant Change”, surveyed 1,176 cybersecurity professionals and executives around the world, with a significant sample from the Asia-Pacific region, including Singapore, Malaysia, Indonesia, Japan, India, Australia and New Zealand. The findings show that more than three-quarters of Australian and New Zealand businesses have had to adjust their cybersecurity strategies in response to these trust issues.
This shift in strategy is being driven by a dynamic threat landscape. 76% of respondents in Australia and New Zealand reported that their company has changed its security strategy within the past year. Notably, 67% said that the adoption of artificial intelligence for threat management and new security solutions was the main driver of this change. Other key drivers include new attack types (60%), changing regulatory or compliance requirements (58%), and budget changes (35%).
Another key finding from the survey is the growing expectation that senior management will be held accountable for cybersecurity breaches. Approximately 49% of respondents believe that cybersecurity leaders and CEOs should be responsible for preventing and responding to cyber incidents. This attitude reflects a trend toward recognizing cybersecurity as a critical component of business strategy and corporate governance, rather than simply a technical issue.
Despite high expectations from leadership, a communication gap remains between security teams and non-security executives. 75% of ANZ's cyber security team feel well-equipped to communicate the current security state to key stakeholders, but 19% still struggle to communicate the importance of certain security measures to non-technical executives. Interestingly, only half of respondents agreed that non-security executives understand the company's regulatory obligations, which could lead to misunderstandings about the value of cyber security investments.
The survey also highlights disparities in resource allocation and communication. While 64% of ANZ respondents reported that their cybersecurity budgets have increased due to changes in the threat landscape, this figure is below the global average of 76%. Still, 75% are confident they have the tools, people, expertise and budget needed to defend their organizations against cyber attacks.
Communication barriers also extend to reporting on cybersecurity metrics: Most security reports focus on critical data like breaches (69%), incidents (62%), and response times (56%), with less emphasis on other operational metrics like time to detection (49%) and time to recovery (23%). Additionally, security teams continue to rely on manual, time-consuming methods to share security status information, including static reports (75%), meetings (84%), and email (62%).
Matthew Lowe, ANZ Country Manager, LogRhythm, stressed the need for an enterprise-wide approach to cyber security, stating that executives need to work closely with cyber security experts to make informed strategic decisions while allocating the necessary resources. He also noted the importance of improving collaboration between security and non-security teams, fostering a common understanding of each team's requirements, and leveraging automation technology to optimize reporting processes.
