New research from cybersecurity firm Thycotic revealed that 66% of organizations in Australia are planning to increase their cybersecurity budgets in the next 12 months. The research, titled “CISO Decisions,” highlighted what motivates companies to invest in cybersecurity and the impact this has on CISO decision making.
Based on the responses from over 900 CISOs and security decision makers globally, the research states that nearly 88% of Australian respondents (77% globally) received boardroom investment for new security projects, either in response to a cyber incident at 59% of organizations (49% globally) or due to fear of audit failure at 29% (28% globally). Nearly 18% of Australian respondents (23% globally) believe that compliance or threats of fines are the most effective way to convince boards to invest in cybersecurity.
COVID-19 Boosts Security Investments
Amid growing cybersecurity risks during the pandemic and the fear of compliance audit failure, most CISOs stated that boards plan to step up their budgets for cybersecurity. 94% of CISOs in Australia (91% globally) said their board adequately supports them with investment. While two-thirds of Australian respondents (58% globally) believe that in the next financial year they will have increased security budgets due to the COVID-19 outbreak, 41% of them (37% globally) said their investments were turned down because the threat was perceived as low risk.
“Before CISOs can pursue technology innovation they must first educate their stakeholders about the value of cybersecurity. Securing Boardroom investment requires them to strike a delicate balance between innovation and compliance,” said James Legg, CEO at Thycotic.
“While boards are definitely listening and stepping up with increased budget for cybersecurity, they tend to view any investment as a cost rather than adding business value. There are encouraging signs, particularly in APAC where ROI is a leading factor in security investment decisions. However, there is still some way to go, as Boards mainly approve investments after a security incident, or through fear of regulatory penalties for non-compliance. This shows that cybersecurity investment decisions are more about insurance than about any desire to lead the field which, in the long run, limits the industry’s ability to keep pace with the cybercriminals,” said Terence Jackson, CISO at Thycotic.
To address the surge in malware, phishing, and DDoS attacks, EC Council’s CISO MAG has planned a crisp half-day virtual engagement, The Australia CISO Confluence, to create more awareness of the need for cybersecurity and its related implications in these testing times.