Almost one in three businesses see Australia as a prime target for cyber-attacks, data commissioned by Aura Information Security indicates.
A survey of 307 Australian businesses suggests that considerable uncertainty is faced by organisations in trying to combat cyber security threats.
More than 40 per cent of Australian businesses believe the country is behind the rest of the world when it comes to cyber security practices.
The survey suggests that, 29 per cent of executives believe that Australia is more at risk than the rest of the world when it comes to cyber-attacks, and a further 48 per cent say Australia is at the same risk as other countries.
The survey of IT and security executives indicates that while some leaders are confident they are on top of cyber security with the tools, policies and budget to be successful, others are unsure their planning and posture is strong enough to ward off an attack – or at least an attempted one.
More than half of CEOs and general managers indicated they had been personally attacked by a phishing or ransomware attack in the last 12 months.
Those that have been attacked are not confident they can avoid being hit again.
Nearly two-thirds of people that took the survey forecast cyber-attacks will become more frequent and complex.
Aura Information Security Australia country manager, Michael Warnock, said organisations should avoid getting too complacent about the risks of an attack.
“Threat actors operate across geographic boundaries and often look for targets with easy points of entry, such as unsecured, unpatched or misconfigured hardware,” he said.
Australian businesses are mature when it comes to education and awareness, with 80 per cent saying they have policies or training in place to prevent cyber breaches.
Despite this, less than half are very confident these policies and training will prevent a breach.
More than 70 per cent of businesses allocate 15 per cent or less of their total IT spend to security and 14 per cent of respondents spend less than five per cent.
In recognition of the growing threat, 72 per cent say they intend to raise their budgets.
Six in ten Australian businesses carry out some form of penetration testing.
Regular testing is most common in organisations between 100 and 200 staff in size.
“With attacks on the rise it’s becoming increasingly crucial that businesses get the cyber security basics right,” said Warnock.
“Employee training, regular penetration testing of web-facing applications and cyber- attack simulations are just some of the things that should be on the priority list.
“Cyber security is not something that a business can assess once a year, it requires constant review and consideration by all parts of the business – from the top down,” he said.