The majority of Australian organisations surveyed by Cisco have “essentially” given up trying to be proactive about cybersecurity, according to the IT and networking company.

Of the 209 Australian participants in Cisco’s 2019 Asia Pacific Chief Information Security Officer (CISO) Benchmark Study, 65 percent said that their organisations were “suffering from cybersecurity fatigue”. Cisco defines that as “virtually having given up on proactively defending against threats”.

Some might say that’s understandable, considering the number of cybersecurity alerts most companies receive. Of the Australian CISOs that took part in Cisco's survey, 69 percent said their organisations received more than 100,000 alerts daily. That compares to 14 percent globally.

Local CISOs said they investigated 59 percent of cybersecurity incidents, which is higher than the global investigation rate, but a fall in the local rate compared to the previous year.

Cisco's survey included companies with between 100 and 499 employees, large enterprises and public sector organisations.

The survey also found that:

  • only a third of investigated local alerts were legitimate
  • only 38 percent of legitimate local alerts were remediated, compared to 69 percent the year before
  • more than three quarters of Australian survey participants that suffered a cybersecurity breach said that the average cost of the breach was more than $1 million
  • more than a third of the Australian survey participants reported having experienced a cybersecurity attack on Operational Technology (OT). And the majority expected to see more OT attacks.

When asked about the improvements they made following a breach, Australian respondents tended to focus on enforcement of data protection laws and regulations, hiring or creating CISO roles, establishing compliance/risk management offices and forming security teams.