Many Australian IT leaders mistakenly believe they will see IT-security budgets increasing over the next two years but executives have other thoughts on the issue, according to recent research that found the misalignment of expectations is stronger in Australia than in other countries in the Asia-Pacific region.
Fully 27 percent of IT-security executives in the global study of 1100 senior executives predicted a major increase in their security budget over the next two years, but only 13 percent of the C-suite respondents saw similar growth on the horizon.
This, despite broad agreement that the risk of cyberattacks is increasing - a statement agreed to by 16 percent of C-suite respondents and 18 percent of IT-security executives. The research - conducted by the Economist Intelligence Unit on behalf of VMware - found that, despite IT executives' growing concerns, cybersecurity is only the ninth most-important strategic priority for Australia's C-suite executives.
Although Australia's C-suite and security leaders were largely aligned around the importance of protecting the company's reputation, regulated data and customer information, the business leaders were far less clear on the importance of cybersecurity policy in achieving these goals.
Just 5 percent of those executives said protecting against cyber-attacks was a priority, compared with 28 percent of IT executives. Australian business leaders were more concerned with issues such as acquiring new customers (14 percent vs 6 percent) and growing internationally (16 percent vs 8 percent). "The C-suite's priorities are clear," the report's authors note. "Their primary single concern is to safeguard the reputation and brand of the firm.
In contrast, security executives are focused on the data and the software.... Lack of commitment [to security] can have direct implications for firms' security posture, by limiting funding and diminishing the impetus for organisational change." Businesses across all industry sectors face ongoing compromises, with fraudulent mobile apps, espionage-minded hackers, and ever-changing and increasingly-malicious ransomware adding to recognised threats such as security risks that permeate critical infrastructure.
Despite these multitudinous threats, the EIU findings suggest that business executives still downplay the threat of cybersecurity incidents: far fewer C-suite respondents agreed that their company was likely to experience a serious cyber-breach within 90 days (12 percent vs 31 percent of IT-security executives), one year (23 percent vs 40 percent), three years (25 percent vs 38 percent), and five years (27 percent vs 39 percent). While they recognise security as an abstract threat, it appears that business executives are still falling back into their comfort zones, focusing on business growth even as security advisors are recommending that businesses get more proactive about tracking down cybercriminals and acting to protect themselves online.