Australian cyber execs ‘the least prepared’ globally

New research paints a depressing picture of the nation’s cyber security preparedness.

Proofpoint executive Yvette Lejins. Source: Supplied.

Australian cyber security executives feel the least prepared and more at risk of cyber attacks compared to their global counterparts, new research has found, with more than two-thirds feeling their organisation is at risk of suffering a material attack in the next 12 months.

The global report from cyber security outfit Proofpoint found that 77 per cent of Australian chief information security officers (CISOs) say their organisation is unprepared to detect, deter and recover from a cyber attack, the highest of 14 countries surveyed and up 21 per cent from 2021.

Proofpoint surveyed 1400 CISOs globally and found 76 per cent of Australian CISOs consider human error to be their biggest cyber vulnerability, with work-from-anywhere setups and The Great Resignation presenting new challenges around information protection.

Ransomware headlines have largely increased cyber risk awareness among the C-Suite, with 72 per cent of Australian CISOs reporting they had purchased cyber insurance (against a global average of 58 per cent), though 30 per cent of Australian CISOs said they have no ransom payment policy in place.

According to the Australian Cyber Security Centre (ACSC), 500 ransomware attacks were reported in the 2020-21 financial year, an increase of nearly 15 per cent from the previous year.

Yvette Lejins, resident chief information security officer for Proofpoint’s Asia Pacific region and former Jetstar CISO, said the federal government’s landmark $9.9bn investment in cyber security preparedness demonstrated the scope and importance of the issue, yet Australian CISOs still feel the least prepared globally to deal with the consequences of a cyber attack.

“From the conversations I’ve had with board members, there really are few technologists or people with IT knowledge that sit on boards,” Ms Lejins said in an interview.

“They often have heavy experience in financial management for example or safety risks so there’s specialisation there, but when it comes to cyber we know that so few board members have a technology focus or understanding, let alone an understanding of cyber.

“There’s a lack of maturity there and there needs to be an evolution in the way that companies report to the board as well as a risk management conversation. We need to fix the knowledge gap.”

Ms Lejins said that attacks are increasing overall amid rising geopolitical tensions, ongoing conflict in Ukraine and the upcoming federal election.

“Every time there is a federal election we definitely see phishing emails trending upwards, and the Russian invasion of Ukraine has led to a spike in ransomware and phishing threats as well,” she said. “That unpredictable geopolitical environment is something that bad actors latch on to.”

Proofpoint’s vice president Lucia Milică said that 2021 was a landmark year for cyber security, with high-profile attacks disrupting supply chains and new cyber security legislation passed across the globe.

“As the impact of the pandemic on security teams gradually fades, our 2022 report uncovers a pressing issue,” she said. “As workers leave their jobs or opt out of returning to the workforce, security teams are now managing a host of information protection vulnerabilities and insider threats.”


Original URL: https://www.theaustralian.com.au/business/technology/australian-cyber-execs-the-least-prepared-globally/news-story/d2399e917c9a2cb08a808b791bb5ca05