63% of Aussie orgs had security incident in past year

Nearly two thirds (63%) of Australian organisations have faced at least one security incident in the past year, according to new research from industry association CompTIA.

The study also shows that 72% of Australian organisations expect security to become a higher priority over the next two years.

The top drivers for a changing approach to security in Australia include changes in IT operations, such as the growing prominence of cloud or mobility, and reports of security breaches at other companies.

Internal security incidents, knowledge gained from training and certification and a change in business operations are also expected to contribute to pushing security to prominence.

“Due to the evolving nature of IT, most organisations have had to change the way their company approaches security,” said CompTIA’s ANZ community director, Moheb Moses.

“In Australia, as in many other countries, the greatest change has been in IT operations, especially as firms move to cloud or implement new mobility strategies.”

Mobile security issues are meanwhile on the rise, with 71% of Australian organisations reporting a mobile-related security incident such as a lost device, data policy violation or staff-disabling security features.

Indeed, a common theme of the report is that human error is becoming a larger cybersecurity factor for companies. Some 61% of Australian organisations consider human error to be a major contributor to security risk.

Top sources of human error include a failure to get up to speed on new threats, end-user failure to follow security policies and procedures, and intentional disabling of security features.

Australian organisations are taking steps to address this issue by implementing practices to improve cybersecurity knowledge among employees. These include new employee orientation, ongoing training programs, online courses and random security audits.

But only 23% of organisations rate their current cybersecurity education and training methods as extremely effective. Respondents believe they can improve this effectiveness by making employee training mandatory, delivering more thorough training more frequently and conducting follow-up tests.

Image courtesy Don Hankins under CC