KnowBe4 has announced new research which has found that more than two in three (68 per cent) IT decision-makers feel the Government should be doing more to protect Australian businesses from cyber-attacks.
In addition, fewer than half (45 per cent) of Australian IT decision-makers say they are confident they understand their organisation’s responsibilities regarding Government reporting of cyber incidents and data breaches.
Jacqueline Jayne, Security Awareness Advocate for APAC at KnowBe4, says: “It’s clear from our research that Australian IT leaders and businesses are not feeling supported by the Government when it comes to security issues. There is more education required for those in IT about their obligations and commitments but also of the public about how to stay safe online both at home and at work.”
Things IT decision-makers believe the Government should be doing include:
- Providing more education and awareness to all our citizens about the cyber risks and how to stay safe online (45 per cent),
- Providing more training for Australian businesses on cyber risks (38 per cent), and
- Providing more funding for Australian businesses for cyber protection (36 per cent).
Who is responsible?
Jayne continues: “The reality is that cyber threats are so pervasive that keeping individuals and businesses safe requires a combined effort from the Government, business leaders, IT departments and employees alike. There is no panacea or magic technology solution that will protect your business. Everyone needs to be educated about potential threats and how to avoid them.”
Worryingly, fewer than half (45 per cent) of Australian IT decision-makers believe that it is everyone’s responsibility to protect the organisation from cyber-attacks.
- 31 per cent believe it is the IT department’s responsibility (10 per cent higher than office workers),
- 19 per cent believe it is the employee’s responsibility,
- 18 per cent believe it is the Government’s responsibility, and
- One in four (26 per cent) say technology should be protecting the organisation from cyber-attacks.
Those who are planning to invest in or spend money on cyber security in 2022 are much more likely than those who are not to believe it is the IT department’s responsibility (40 per cent compared to 15 per cent) and the employee’s responsibility (25 per cent compared to 6 per cent).
On the other hand, those who are not planning to invest in cyber security in 2022 are more likely than those who are to believe it is everyone’s responsibility to protect the organisation from cyber-attacks (54 per cent compared to 40 per cent) and to think that no one is responsible for protecting the organisation from cyber-attacks (10 per cent compared to one per cent).
The employee view:
Given the IT department’s lack of clarity, it is unsurprising that employees are also unaware of who is responsible for cyber security:
- One in four (25 per cent) say technology should be protecting the organisation from cyber-attacks,
- 21 per cent believe it is the IT department’s responsibility, and
- 13 per cent believe it is the Government’s responsibility.
However, training regarding cyber security impacts employees’ views and makes them more likely to take responsibility for their own role in keeping the organisation safe. Those who have received training are more likely to believe it is the employees’ responsibility (18 per cent) compared to those who have not received training (10 per cent).
In contrast, those who have never received training are more likely to believe it is the IT department’s responsibility (28 per cent compared to 19 per cent).