Poor Cyber Hygiene Sees Rise in Security Breaches


Nearly 75% of Australian businesses experienced as many as ten cyber incidents or breaches over the last year, a survey of global executives has revealed.

The Future of Cyber report analysed survey responses from 600 global executives with visibility into the cybersecurity functions of their organisations . It also found despite these increased risks 93% of Australian respondents remained committed to investment in digital transformation, including moving their financial systems or Enterprise Resource Planning (ERP) to the cloud.

The report provides insights into how organisations can increase visibility of complex technological ecosystems, and implement best practices to better prepare for a volatile and unpredictable cyber future.


Throughout the 2020-21 financial year, the Australian Cyber Security Centre (ACSC) received more than 67,000 cybercrime reports, an increase of nearly 13% from the previous year.

The figure is echoed globally in the report, with 40% of respondents experiencing an increase in threats to their organisations throughout the COVID-19 pandemic.

The shift to remote and hybrid working by Australian business revealed a significant cybersecurity risk. Organisations are continuing to face challenges balancing investments in digital transformations to remain competitive while protecting their systems from potential breaches.

More than 40% of the Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) surveyed acknowledged that transformation and gaining visibility across increasingly complex hybrid ecosystems is the greatest challenge they face.

Deloitte Australia Cyber Lead Ian Blatchford said the reality of living in a cyber world also brings an elevated risk environment. “Businesses across Australia – whether in financial services, health care, or the public sector – are on a fast-tracked path of digital transformation and cloud migration. Now more than ever, responsibility needs to shift upwards. Organisations that don’t incorporate cybersecurity into every aspect of their business risk increases to their vulnerability to attack, so it’s critical to have visibility to manage that risk, balance proactive and reactive responses, and to fully empower the CISO.”


In building a technology-forward, protected enterprise, the report also shows transformation/hybrid IT (41%) and cyber hygiene (26%) represent the most significant challenges for CIOs and CISOs when it comes to managing cyber risk.

“As a result, companies are leveraging Zero Trust—a set of architectural guidelines based on the fundamental principle of ‘never trust, always verify’— to bridge the gap between business, IT and cyber domains reducing operational complexity and simplifying ecosystem integration,” Mr Blatchford said. “Businesses that leverage Zero Trust are leading the way in organisational change to better enable digital transformation by building security infrastructures to handle the speed of these transformations.”


As the sophistication of cyber criminals grows, organisations are more inclined to increase their cyber defence budgets. Almost 75% of leaders with more than AUD$40 billion in revenue reported they will spend more than AUD$130 million on cybersecurity protections this year. While these investments are being relatively evenly spread to broadly mitigate risk, greater attention is being given to threat intelligence, detection, and monitoring, cyber transformation and data security.

“The convergence of technological prowess and increased cyber risk is changing the roles of today’s CISOs. As technology integrates further into daily business initiatives, so should their responsibilities,” Mr Blatchford said.

There has been an increase in CISOs reporting to CEOs, peaking at 38% amongst Australian respondents, and reaching 33% globally.

“This alignment allows for greater transparency on business initiatives and enhanced engagement at most levels – most importantly with C-suite executives like CFOs and Chief Marketing Officers (CMOs) whose relationships with the CISO are critical in mitigating risk and creating authentic, safe customer experiences,” Mr Blatchford said.

Over the next three years, CIOs and CISOs will continue to prioritise cyber. Respondents ranked security capabilities (64%), enhancing privacy capabilities (59%), demonstrating compliance capabilities (50%), and improving business efficiency and intelligence (45%) as the drivers for their adoption of emerging technologies.

You can read the full report here.