A new study has indicated that internal communication failures are significantly affecting Australian companies’ capability to fend off cyber threats.
Conducted by security firm Dynatrace, the report pinpointed a critical disconnect between IT security teams and corporate leadership, undermining effective cyber risk management.
This study, spearheaded by Coleman Parkes in March and April, collected insights from a global pool of 1,300 chief information security officers (CISOs), including 100 from Australia, along with interviews from 10 chief executive officers (CEOs) and chief financial officers (CFOs) from major enterprises.
Entitled “The State of Application Security in 2024,” the report highlighted that CISOs face challenges in explaining the intricacies of cybersecurity to their organisations’ highest-ranking executives. Notably, 89% of CISOs believe that application security concepts are not fully understood by their CEOs and board members.
The survey further revealed that 70% of C-suite executives find security communications overly technical and devoid of business context, complicating meaningful discussions about cybersecurity strategies.
The lack of accessible communication is concerning, as 76% of CISOs feel that their security tools do not generate insights that executives can use to grasp business risks effectively.
This issue is critical amid the rising prevalence of AI-driven cyber threats, which, according to the study, have led to application security incidents in 72% of surveyed organisations within the past two years.
Meanwhile, another recently released study revealed a substantial rise in data breaches in Australia in the first quarter of 2024.
Bernd Greifeneder, chief technology officer at Dynatrace, highlighted the need for clearer communication strategies that integrate cybersecurity into broader business discussions.
“Cybersecurity incidents can have devastating consequences for organisations and their customers, so the issue has rightfully become a critical board-level concern. CISOs urgently need to find a way to overcome this barrier and create a culture of shared responsibility for cybersecurity. This will be critical to improving their ability to respond effectively to security incidents and minimise their risk exposure,” he said, as reported by Security Brief Australia.
The report also shed light on the additional risks introduced by artificial intelligence (AI) technologies, with 52% of CISOs anxious about AI’s capacity to enable hackers to develop and deploy new attacks more swiftly. Another 45% were concerned that accelerated software delivery enabled by AI might lead to more security vulnerabilities.
To combat these issues, 85% of CISOs are now emphasising the importance of DevSecOps automation, and 87% view it as vital for adapting to new regulations.
“Organisations urgently need to modernise their security tools and practices to protect their applications and data from modern, advanced cyber threats. The most effective approaches will be built on a unified platform that drives mature DevSecOps automation and harnesses AI to deal with distributed data at any scale,” Greifeneder said.
