Australian businesses overestimate cyber recovery as losses soar
A new global survey has highlighted significant concerns among Australian IT leaders regarding their organisations' preparedness to recover from cyber incidents, with complexity and lack of expertise cited as key vulnerabilities.
The research, commissioned by managed infrastructure provider 11:11 Systems, surveyed over 800 senior IT, security and risk leaders across North America, Europe, and Asia-Pacific, including Australia. The findings reveal a considerable gap between perceived capability and actual preparedness in Australian businesses facing cyber threats.
Overconfidence amid rising threats
According to the study, 84% of IT leaders in Asia Pacific believe their organisations are overconfident about their cyber incident recovery capabilities, even as challenges mount. In Australia specifically, 88% reported experiencing at least one cyberattack in the past 12 months, with nearly two-thirds (63%) facing two or more attacks during that period.
AI adoption is also a growing concern. Three-quarters of Australian survey participants worry that integrating artificial intelligence into their businesses could increase their vulnerability to cyber attacks.
Complexity a major barrier
Almost half (48%) of Australian respondents cited the complexity of planning for cyber recovery as their greatest concern. This was a slightly higher proportion than the global average of 45% reported by respondents across North America and Europe. Planning complexity is seen as a significant obstacle to establishing effective cyber defences and incident response measures.
Significant financial consequences
The financial impact of cyber-related downtime is notable. Among Australian respondents, 73% reported losses of up to USD $500,000 from just one hour of downtime. An additional 16% reported losses between USD $501,000 and $1 million, with 11% stating costs exceeded USD $1 million for an hour of disruption.
Recovery following a cyber event can be slow, with 61% of those surveyed saying it takes between one and two weeks to return to normal operations. This extended downtime can quickly accumulate, costing organisations not only through lost business opportunities but also legal fees, fines, and operational disruption.
Low uptake of expert support
Despite these financial and operational risks, only 14% of Australian businesses have made full use of expert cyber recovery providers. Instead, nearly half (49%) reported using a hybrid model, 30% handled recovery solely in-house, and 7% admitted to having no formal recovery plan at all.
Recovery priorities and protection strategies
Responses to improving cyber recovery preparedness were varied. Nineteen percent advocated for better staff training and awareness, while 27% prioritised improved integration of cyber resiliency and disaster recovery planning, followed by greater investment in cyber incident recovery solutions. A similar proportion (19%) said that more frequent testing and simulation exercises were needed, and 17% called for increased automation in recovery procedures.
Recovery solution customisation also emerged as an important factor. Seventy-eight percent of Australian respondents considered application-level recovery customisation extremely important, and a further 16% described it as somewhat important.
Budget increases expected
There appears to be an intention to address at least some of these gaps, with 93% of Australian respondents planning to invest in cyber incident recovery within the next year.
Regional differences and emerging risks
The survey found that APAC experienced fewer major incidents compared to North America and Europe (21% compared to 31% and 23% respectively). However, repeated cyber-attacks were more prevalent in APAC, with 19% reporting multiple attacks in the past year - higher than in Europe (14%) and North America (6%).
Phishing attacks powered by AI remain a concern, with 38% of Australian respondents expressing worry, though this was lower than the global average of 46%. Social engineering attacks were reported by 28% of APAC participants, the highest among regions, while autonomous and mutating malware incidents were lowest in APAC at 31%.
Marc Beder, General Manager at 11:11 Systems, APAC, states: "Recent cyber incidents with companies such as Clutch Industries and Baxter Laboratories demonstrate the need for strong cybersecurity in protecting manufacturing supply chains. Even an hour of downtime can cause a significant disruption to the business and can lead to significant costs, leading to considerable stress for all parties involved, making the ability to recover rapidly and consistently essential. It's critical to regularly evaluate your business' cyber resilience and confirm the adequacy of current plans and systems. Given that so many of our survey's respondents demonstrate a notable lack of preparedness, it highlights how vulnerable the industry is to cyber attacks, and this requires immediate attention."
The report underscores that despite high levels of confidence, only a minority of respondents in APAC were realistic about their own capabilities (16%). The findings point to a pressing need for Australian organisations to address complexity in cyber recovery and adopt more robust planning and testing procedures.