Tenable Study Finds Australian Organisations Cannot Prevent 42% of Cyberattacks
56% of cybersecurity teams are too busy fighting critical incidents to take a proactive stance
November 1, 2023 · Sydney, Australia
Tenable®, Inc., the Exposure Management company, published a new study revealing that Australian organisations could not prevent 42% of cyberattacks on their businesses, only successfully stopping 58% of cyberattacks over the past two years. Consequently, organisations have had to rely on reactive measures rather than preventing attacks from occurring in the first place.
The study further revealed that 75% of Australian respondents believe their organisations could better defend against cyberattacks with more resources dedicated to preventive cybersecurity. However, a concerning 56% indicated that their cybersecurity teams spend the majority of their time addressing critical incidents, hampering their capacity to take a proactive stance.
The data is drawn from the Australian edition of “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in Australia,” a commissioned study of 825 IT and cybersecurity professionals including 100 Australian respondents conducted in 2023 by Forrester Consulting on behalf of Tenable.
The study, which underscores the importance of a proactive, rather than reactive, approach to cybersecurity, emphasises how fragmented cybersecurity tools obstruct organisations from consistently and accurately assessing their cyber risks. Furthermore, the findings indicate that significant challenges arise not just from external threats, but also from inherent issues within the organisation's own structure and operations.
“Siloed cybersecurity tools, and by extension, the teams behind them, are inadvertently preventing organisations from having a clear, continuous and comprehensive view of their cyber risk,” said Scott McKinnel, Country Manager at Tenable ANZ. “Internal mindsets further complicate matters, and make collaboration between IT and security teams challenging. The findings show that 48% believe coordination between these teams is difficult, while 62% highlight IT is more concerned with system uptime over patching and remediation.”
The Australian government has advocated for companies to rely less on third-party tech providers because of the cyber risks involved. The study validates this concern highlighting that even though 65% of organisations use a third-party program for software and services, a little under half (46%) have high and very high visibility into third-party environments.
McKinnel noted, “While there are no quick fixes to these challenges when we look at key differences between low-maturity and high-maturity organisations across the overall sample, some themes begin to emerge that can serve as a guide for organisations looking to reduce their risk.”
- Low-maturity organisations are more likely to be stuck in reactive mode. In the past 12-24 months, high-maturity organisations preventively defended against 61% of the attacks they experienced and reactively mitigated against the rest. In low-maturity organisations, 56% of attacks were preventively defended while 44% were reactively mitigated.
- High-maturity organisations see the value in data aggregation: 57% use aggregation tools to collect and analyse data to quantify risk exposure, compared with only 46% of low-maturity organisations.
- High-maturity organisations spend far less time each month producing reports for business leaders than their low-maturity counterparts: 57% of high-maturity organisations say it takes 11 hours or more to produce such reports, compared with 72% of low-maturity organisations.
To read the full study, visit: here
Note to Editors:
- Forrester Consulting conducted an online survey of 825 IT and cybersecurity professionals including 100 Australian respondents at large enterprises in the US, the UK, Germany, France, Australia, Mexico, India, Brazil, Japan, and Saudi Arabia. The study was fielded in March 2023.
- Maturity Modelling: Respondents were scored based on their answers to questions measuring different aspects of their maturity: their use of preventive security tools, how they prioritise resources to reduce threat exposure, and the degree of visibility and collaboration within their organisation. Forrester scored those in the bottom 20% as low maturity, the middle 60% as medium maturity, and the top 20% as high maturity.
Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.
Stay up to date!
Subscribe to our email alerts for new press releases.