In a recent media briefing, hosted by ANZ Cybersecurity Director, Corien Vermaak at Cisco, the complex nature of cybersecurity preparedness and the challenges facing organisations as they allocate resources to fortify their defences was presented. The prevailing sentiment is that merely increasing budgetary allocations may not be the panacea or silver bullet to resolve the myriad of cybersecurity issues that organisations face.

Vermaak commented, “Money, unfortunately, doesn’t solve all of our problems as the problems are nuanced across technology people and processes, and just throwing money at the problem won’t necessarily resolve it.”

It is heartening to note that 85% of organisations anticipate their cybersecurity budgets to surge by more than 10% within the next 12 months. Despite this positive outlook, there are concerns about the sufficiency of a 10% budget increase to counterbalance the escalating costs of technology to drive innovation and change.

The industry is renowned to put major emphasis on increasing cybersecurity budgets, which is tied to a variety of factors, such as the digitisation of operations, a surge in cyber attacks, and the financial repercussions of cyber incidents. As a result, 60% of organisations are contemplating augmenting their budgets by 20% or more, aligning with the requisites for innovative changes in cybersecurity strategies.

Additionally, there is also a push from the insurance industry for organisations to exhibit continuous improvement in their cybersecurity posture to remain insurable. To this end, many companies are steering their focus towards upgrading existing cybersecurity solutions, investing in new technologies, and embracing AI-driven defences.

AI Is More Than A New Front on the Cybersecurity Battleground

Amidst the optimism surrounding expanded budgets, there are lingering concerns about the effectiveness of cybersecurity investments, particularly in the context of AI solutions and the trustworthiness of defences. As a result, this prompts the necessity for organisations to judiciously assess and allocate their already limited budgets across various verticals, ensuring that technology solutions address not only security concerns but also resource and velocity constraints.

Vermaak went on to say, “How do we fortify with AI? And that’s really important. As we suffer a skill shortage and the complexity across these complex network stacks that we’ve built, how do we simplify and augment the skills that we have by using AI?”

The global readiness measure reflects 11% of organisations are in the beginner phase, 60% in the formative phase, and only 3% categorised as mature. In Australia, the data showcases 19% in the beginner phase, 62% in the formative phase, and a mere 1% in the progressive phase.

Delving into the readiness pillars unveils disconcerting statistics where only 1% demonstrate maturity in identity, 4% in machine trustworthiness, and 23% in network resilience. The challenges in fortifying cloud infrastructure also mirror these trends.

Despite the evolving scenario, organisations express confidence in their ability to withstand the cyber criminals, with 45% feeling assured of their resilience. However, there’s a caveat that this confidence might be deep rooted in outdated controls, although it’s heartening that 35% of security budgets have experienced an increase.

Moreover, the spectre of cybersecurity incidents disrupting business looms large, with 69% of organisations expecting such disruptions within the next 12 to 24 months. Compounding these concerns are the complexities stemming from the adoption of numerous cybersecurity products, resulting in management challenges and resource limitations.

Cybersecurity Still Has A People Problem

The talent shortage in cybersecurity, a common controversial topic was pronounced in Australia, is a source of consternation for 81% of organisations, leading to over 10 unfilled cybersecurity positions in 42% of respondents, contributing to the complexity of security management.

The Facets of Change in Cybersecurity

Vermaak reiterated the call for resiliency in cybersecurity is inescapable. The ability to swiftly restore services and maintain high availability in the event of a breach emerges as a critical imperative for companies.

Overall it was clear in this media briefing that the multifaceted challenges facing the cybersecurity industry and the need for organisations to adapt and fortify their defences. The trend towards hyper-connectivity, the myriad threats ranging from credential stuffing to generative AI, and the conundrum of user behaviours only serve to amplify the complexities faced by organisations.