Tuesday, May 28, 2024
This is despite 81 per cent of security executives rating their cybersecurity defence as good or excellent
New research from LogRhythm, the company helping security teams stop breaches by turning disconnected data and signals into trustworthy insights, revealed that while most security executives in Australia and New Zealand view their cybersecurity defence positively, four in ten companies have lost deals due to customers’ lack of confidence in their strategy in the last 18 months.
Eighty-one per cent of ANZ security executives rated their cybersecurity defence as good or excellent. Yet, 40 per cent of companies faced customer confidence issues, prompting over three in every four companies to adjust their cybersecurity strategy. Of companies that have lost deals due to customer confidence issues, 71 per cent indicated that it happened in the last 18 months. This highlights a disconnect between security executives and their customers on the effectiveness of their cybersecurity defence, suggesting gaps in meeting customer expectations for data protection.
LogRhythm’s 2024 State of the Security Team: Navigating Constant Change Research Report explores the insights of security professionals around external factors affecting security strategy, alongside reporting capabilities and overall security communication effectiveness within the business. The study presents findings from 1,176 cybersecurity professionals and executives globally, including Singapore, Malaysia, Indonesia, Japan, India, and Australia & New Zealand in the APAC region.
Adapting to the dynamic threat landscape
In response to the dynamic threat landscape, 76 per cent of ANZ respondents highlighted that they have changed their company security strategy in the last 12 months. Use of AI for threat management and new security solutions was cited as the primary driver for change in Australia and New Zealand by 67 per cent of respondents, with Indonesia leading this trend at 86 per cent, the highest in APAC. Other reasons include changing regulations or compliance requirements (58%), new attack types (60%), and budget changes (35%).
Communication gap remains between security teams and non-security executives
The study also uncovered a rise in expectation for senior leaders to be accountable for security breaches, with 49 per cent stating that cybersecurity leaders and CEOs should ultimately bear the responsibility for protecting against and responding to cyber incidents. The findings give credence that cybersecurity is now recognised as an integral component of business strategy and corporate governance, shifting away from its previous perception as a purely technical concern.
However, while executives are now expected to have greater responsibility over cybersecurity breaches, there remains a gap in communication between security teams and non-security executives. This disparity exists despite ANZ cybersecurity teams, indicating that 75 per cent possess the right tools to easily communicate the current security status to key stakeholders across teams.
Specifically, 19 per cent of ANZ respondents faced difficulties in conveying the importance of particular security measures to non-technical executives. Meanwhile, only half of respondents agreed that non-security executives understand the company’s regulatory obligations. This communication barrier can result in misunderstandings regarding the value of investments in cybersecurity, potentially impacting the organisation's readiness and response capabilities.
Budgets are increasing, yet metrics to measure impact are lacking
As businesses strive to protect themselves from evolving threats, their investments in cybersecurity are mirroring this effort. Sixty-four per cent of ANZ respondents have noted an increase in their company’s cybersecurity budget in response to the changing threat landscape, lower than the global average of 76 per cent. Furthermore, 75 per cent expressed confidence in having the necessary resources — such as tools, personnel, expertise, and budget — to safeguard their company from cyberattacks.
When assessing the impact of these investments, security teams who experienced challenges in explaining the need for a specific security solution to non-security stakeholders, often fail to report on key operational metrics that determine the measurable impact of security investments and strategy adjustments. To this end, security reports mostly focused on critical data like breaches (69%), incidents (62%), and time to respond (56%), Other security operational metrics, such as time to detect (49%) and time to recover (23%) are featured less significantly in these reports.
Moreover, the majority of security teams are still relying on manual and time-intensive approaches to share security status information, including static reports (75%), meetings (84%), and emails (62%). This highlights a concern, given that to maintain effective communication, security teams need to be armed with improved case management metrics and advanced analytics to make informed decisions quickly.
“The current threat environment in Australia and New Zealand demands an enterprise-wide approach with C-suite executives working closely with cybersecurity professionals to calibrate the risks and make well-informed, strategic decisions, while allocate the necessary financial and technical resources to protect the organisation, its employees and customers,” said Matthew Lowe, ANZ Country Manager, LogRhythm.
“This latest research reflects the ambitions of local enterprises to keep ahead of the threat actors pace while continuing to advance their digitisation efforts by ramping up their cybersecurity investments. However, the data also shows that business leaders face challenges in being able to measure and communicate the value and impact of cybersecurity investments, despite increasing budgets.
“Moving into the second half of the year, we encourage business leaders to enhance collaboration opportunities between security and non-security teams, and foster a shared learning of each team's requirements and responsibilities to streamline and enhance overall operational efficiency across different departments. Greater investments in cybersecurity solutions can also be complemented by employing more automation technologies for everyday business activities such as reporting, which will free up valuable time to focus on higher-value work and result in more benefit to the enterprise overall.
Methodology
The Security Teams Thriving in the Face of Constant Change: A Global Survey of Security Professionals & Executives study was conducted by Dimensional Research, on behalf of LogRhythm in March 2024. The study surveyed 1,176 cybersecurity professionals and executives globally, across North America, Europe, the Middle East, Africa, and Asia Pacific (APAC). In APAC, the survey data includes 334 responses from Singapore, Malaysia, Indonesia, Japan, India, Australia and New Zealand.
About LogRhythm
LogRhythm helps security teams stop breaches by turning disconnected data and signals into trustworthy insights. From connecting the dots across diverse log and threat intelligence sources to using sophisticated machine learning that spots suspicious anomalies in network traffic and user behaviour, LogRhythm accurately pinpoints cyberthreats and empowers professionals to respond with speed and efficiency.
With cloud-native and self-hosted deployment flexibility, out-of-the-box integrations, and advisory services, LogRhythm makes it easy to realize value quickly and adapt to an ever-evolving threat landscape. Together, LogRhythm and our customers confidently monitor, detect, investigate, and respond to cyberattacks. Learn more at logrhythm.com.