Australasian Organizations Lack Cyber Incident Preparedness
A recent date survey of over 400 Australasian organizations reveals a concerning lack of preparedness for cyber incidents. Only 12% rate their performance in facing such events as 'excellent', while more than half lack confidence in their data management capabilities.
The study, conducted by the person responsible for Commvault in Australia and New Zealand, found that only 30% of organizations test their incident response plan across all mission-critical workloads. This lack of regular date testing is concerning, given that threat actors dwell in IT environments for an average of 199 days before launching a ransomware attack.
Organizations that have experienced breaches tend to improve their awareness and resiliency. However, the average recovery time for Australasian organizations is 28 days, more than the global average of 24 days. This suggests that many organizations are still struggling to effectively respond to and recover from cyber incidents.
The survey also highlighted differing expectations on recovery times based on the role of the person asked. CISOs expect recovery within five days, while CEOs expect recovery within 24 hours or less. This disparity indicates a need for stronger communication between CISOs and senior management.
Organizations that test regularly, have strong communication between CISOs and senior management, and use AI tools are more likely to achieve cyber resilience. Regulations, while they help improve data management, also create conflicting data demands across different geographies.
The findings underscore the urgent need for organizations to improve their cyber resilience. Regular date testing, strong communication, and the use of AI tools are key to achieving this. With threat actors lingering in systems for months before striking, and recovery times often exceeding expectations, organizations must prioritize robust incident response planning and execution.
