Cybersecurity company Darktrace has released its latest State of AI Cybersecurity Report. The report reveals that 78% of Australian organisations are significantly impacted by AI-powered cybersecurity threats and 54% are not prepared to defend against AI attacks.
However, Australian organisations are responding with stronger governance frameworks, with 46.7% having already implemented formal AI safety policies. A further 48.6% are in policy discussions, demonstrating a clear commitment to responsible AI adoption.
Data sovereignty emerges as a key priority, with 91.6% of Australian organisations preferring AI security solutions that do not share data externally, eclipsing the global average of 84.4%.
However, the research identified significant capability challenges, with 58.9% of Australian organisations lacking confidence in traditional cybersecurity solutions against AI threats and only 30.8% claiming to know exactly which AI types they use, versus 42% globally.
Darktrace’s second annual State of AI report surveyed over 1500 cybersecurity professionals, including 107 in Australia, holding roles ranging from CISO to IT security managers, IT security analysts and incident responders across 14 different countries.
Just under half of Australian organisations (43%) said they lack confidence in their teams’ ability to defend against AI threats.
In response, Australian organisations are prioritising cloud security (63.6%), network security (59.8%), implementation of AI-powered security tools (58.9%), and improved cyber readiness (53.3%).
Darktrace VP and Field CISO Tony Jarvis said the findings suggest Australian organisations are taking a practical, infrastructure-focused approach to AI security while placing a premium on data sovereignty and governance.
“This research presents a clear picture of Australian organisations taking a proactive stance on AI security governance, while grappling with real capability challenges,” he said. “The fact that 78.5% are already experiencing significant impacts from AI-powered threats, yet many lack confidence in their defensive capabilities, points to an urgent need for transformation in how we approach cybersecurity.”
“The good news is that Australian organisations are responding with stronger governance frameworks and a clear focus on practical, infrastructure-focused solutions,” he added.
Jarvis said the report found that Australian organisations were taking a distinctly human-centric approach to AI security, balancing strong belief in AI’s benefits with careful scepticism about automation.
While 92.5% of Australian organisations agree that AI-powered security solutions significantly improve their ability to prevent, detect, respond to and recover from cyber threats, they remain more cautious about full automation than their global counterparts.
Nearly half (43.9%) lack confidence in AI’s ability to automatically stop threats, a level significantly higher than the international average of 34.5%.
“This balanced approach shows Australian organisations are thinking carefully about where AI adds the most value,” said Jarvis. “They clearly see AI as critical for improving security operations – but they’re also pushing back against the ‘automation at all costs’ narrative we’re seeing elsewhere. This preference for human-AI collaboration over full automation could prove prescient as organisations globally grapple with questions about AI control and oversight.”
You can read the full report here.
