Cisco 2020 CISO Benchmark Report: Cybersecurity is a High Priority for Australian Executives, But Security Complexity and Cyber Fatigue Major Challenges


Cisco published the local Australian and APJC findings of its sixth annual CISO Benchmark Report surveying the security posture of 2,800 security professionals from 13 countries around the globe. The report also provides 20 cybersecurity considerations for 2020 – gleaned from data analysis of survey results and a panel of Advisory CISOs.

Complexity Continues to be Cybersecurity’s Worst Enemy

  • 90% of Australian organisations use between 1 and 20 security vendors, with the other 10% using over 20 vendors.
  • 42% of respondents admitted that managing this multi-vendor environment is very challenging.
    • 65% of Australian respondents found mobile devices very or extremely challenging to defend, higher than the APJC average of 58%.
    • Australian respondents also consider data in the public cloud and private cloud infrastructure to be top security challenges in 2020, with 70% of respondents finding them very or extremely difficult to defend.

In addition, Australia is lagging far behind in terms of vulnerability patching, with 59% of Australian respondents reporting having had an incident caused by an unpatched vulnerability, 13% higher than the global average (46%), and considerably more so than US (40%) and European (36%) counterparts.

    • 13% of organisations surveyed report having more than 100,000 records impacted from their most severe data breach in 2019
    • The most severe breaches are said to have impacted brand reputation (41%), operations (30%) and intellectual property (29%) the most
    • The local regulatory landscape also means more public scrutiny on data breaches than in any other country surveyed: post-breach voluntary disclosures are at their highest level since Cisco started its survey five years ago, with 77% of Australian respondents noting that their most recent security breach became known to the public because of voluntary disclosure, higher than APJC respondents (71%) and the global average (61%).
  • This complexity is leading Australians to feel a lot more cyber fatigue (58%) than other countries and regions such as the US (37%) and EMEAR (38%)

Automation, cloud security and collaboration key

  • 74% of Australians plan to increase automation to ramp up their security ecosystems vs. 82% in APJC, 93% for India and 91% for China.
  • 86% of Australian respondents report high collaboration [very or extremely collaborative] between networking and security teams.

Additional Global CISO challenges and opportunities for improvement:

  • Workload protection for all user and device connections across the network was found extremely challenging — 41% of the surveyed organisations found data centres were extremely difficult to defend, and 39% said they struggled to secure applications. The most troublesome place to defend data was the public cloud, with 52% finding it very or extremely challenging to secure, and 50% claiming private cloud infrastructure was a top security challenge.
  • Security professionals struggle to secure the growing mobile workforce and ubiquitous personal devices — More than half (52%) of respondents stated mobile devices are now very or extremely challenging to defend. Adopting zero-trust technologies can help secure managed and unmanaged devices without slowing down employees.
  • Adoption of zero-trust technologies to secure access of the network, applications, users, devices and workloads needs to increase — only 27% of organisations are currently using multi-factor authentication (MFA), a valuable zero-trust technology to secure the workforce. Survey respondents from the following countries showed the highest MFA adoption rates in this order: USA, China, Italy, India, Germany, and UK. Micro-segmentation, a zero-trust approach to secure access of workloads, had the least adoption at only 17% of respondents.
  • Breaches due to an unpatched vulnerability caused higher levels of data loss — a key concern for 2020 is that 46% of organisations (up from 30% in last year’s report) had an incident caused by an unpatched vulnerability. 68% of organisations breached from an unpatched vulnerability suffered losses of 10,000 data records or more last year. In contrast, for those who said they suffered a breach from other causes, only 41% lost 10,000 or more records in the same timeframe.
  • Security professionals have made positive developments to improve their security posture:
    • Collaboration between network and security teams remains high — 91% of respondents reported they’re very or extremely collaborative.
    • Security practitioners are realising the benefits of automation for solving their skills shortage problem as they adopt solutions with greater machine learning and artificial intelligence capabilities — 77% of the survey respondents are planning to increase automation to simplify and speed up response times in their security ecosystems.
    • Cloud security adoption is increasing, improving effectiveness and efficiency — 86% of respondents say utilising cloud security increased visibility into their networks.