CFOtech Australia - Technology news for CFOs & financial decision-makers
Story image
Australian businesses downplay cyber threat despite rising concerns
Tue, 21st Nov 2023

A new report showing the state of cybersecurity among Australian businesses has revealed a prevailing 'it-won't-happen-to-me' attitude. This viewpoint is particularly prevalent in small-to-medium-sized businesses (SMBs) and enterprises, with 66% and 55% respectively unsure or outright believing that they are not potential targets for cyber attacks. The report was conducted by OpenText as part of their annual ransomware research.

The perspective of denial regarding potential cyber threats comes even after the recent high-profile cyber attack on Port Operator DP, which handles nearly 40% of Australia's goods in transit.

Prentiss Donohue, Executive Vice President of OpenText Cybersecurity, highlighted that "no business, irrespective of its size or industry, is at risk", indicating that such complacency poses a concurrent risk.

Despite this denial, a significant degree of concern about ransomware attacks prevails across SMBs and enterprises. As per the report, 92% of SMBs and 86% of enterprises are either extremely or somewhat concerned about potential ransomware attacks. In tandem with the increasing use of artificial intelligence by cyber threat actors, over half of SMBs and enterprises (56% each) feel more susceptible to a ransomware attack.

Interestingly, organisations are gearing up their defensive strategies to compensate for these increasing threats. Plans to increase cybersecurity budgets by 10 to 20% are proposed by 39% of SMEs and 33% of enterprises. Moreover, around half of SMEs (51%) and enterprises (45%) intend to boost their cybersecurity workforce by 5 to 10% to maintain vigilant security oversight.

Further highlighting the perceived risk, the survey found that optimism bias still prevails. Although around half of all SMBs and enterprises (48% and 45% respectively) had previously experienced a ransomware attack, 66% of SMBs and 55% of enterprises continued to either disbelieve or were unsure they were a potential target for such threats. The prevalence of this attitude shows a slight increase from the previous year's data.

Despite companies largely denying their viability as targets, there is nevertheless a universal worry about ransomware attacks across SMBs and enterprises.

The report cites that 92% of SMBs are exceedingly or somewhat concerned about a ransomware attack, showing a small rise from the previous year's figure of 88%. The worry is echoed by the measure that 86% of enterprises are either exceedingly or somewhat concerned about potential ransomware attacks.

Security is still a pressing concern for businesses in light of these threats, with plans for increased security spending and personnel expansion. Over half (54%) of SMBs intend to increase their security budgets in 2024, and of that figure, the vast majority (80%) plan to increase it between 5% and 20%.

This sentiment is similar amongst enterprises, with 63% planning to increase their security budget in 2024, with a majority (72%) planning an increase between 5% and 20%.

To strengthen their defensive capabilities, companies also plan to hire more staff to work on cybersecurity. Almost half of SMBs (46%) and enterprises (47%) are intending to increase the number of employees dedicated to cybersecurity, with most of those companies planning to increase staffing numbers by 5 to 10%.