Aussie organisations underestimating cyber resilience

When it comes to cyber security readiness, there’s a gap between leadership confidence and employee readiness, leading organsiations to overestimate their cyber resilience, according to IT service provider Datacom.

In the provider’s newly-released State of Cybersecurity Index Australia 2025 report, which was based on surveys conducted by Tech Research Asia, more than three-quarters (79 per cent) of security leaders believe their employees are reasonably informed about cyber risks but only half of employees agree.

The index also indicated that only 38 per cent of security leaders creating business continuity or cyber resilience have a plan in place in the event of a cyber attack or incident, highlighting a lack of business continuity planning in the cyber security space.

However nearly all (95 per cent) of security leaders say cyber security practices are well aligned to business outcomes.

AI imperative

The assumption that employees are well-prepared to handle threats when many say they lack the necessary training and awareness, could lead to potential risk when it comes to the adoption of artificial intelligence (AI), Datacom claimed.

As AI adoption increases, many businesses still lack clear governance frameworks to ensure security keeps pace with innovation; the index found that four in 10 employees were using AI tools like ChatGPT and Copilot but fewer than one in four have read their organisation’s AI security policies.

Meanwhile, six in 10 employees are unsure whether their organisation has safeguards in place.

Datacom said AI-based cyber attacks are ranked as the number one concern for security leaders, yet employee awareness of AI risks and cyber security policies remains low.

Only 29 per cent of employees believe cyber security is a top priority with everyone actively involved.

While AI is proving to be a transformative force for businesses, Datacom group chief information security officer Collin Penman said the challenge now is to ensure security and governance keep pace with its adoption.

“Australian businesses are already experiencing a positive impact, and as confidence continues to climb,” he said. “We expect to see more companies embedding AI into their overall strategy to handle more advanced tasks like complex decision-making and enhancing employee productivity.”

With AI adoption accelerating and cyber threats evolving, governance must be embedded into business and security frameworks, noted Penman.

“Cyber security investment supports business continuity, growth and trust, because preventing a breach is always better than responding to one,” he said.

As a result, the disconnect between the perception of AI and cyber security readiness among security leaders and employees poses significant risk.

“Cyber security is only as strong as the organisation’s weakest link and if employees don’t have the right training or awareness, security strategies won’t hold up when they’re most needed,” he said.

AI to aid IT security

However, it isn’t just the gap on preparedness that could lead to weakened defences.

Penman said that cyber criminals were adopting AI to automate and scale up cyber-attacks, while IT leaders report that cyber burnout among their teams continues to grow.

With almost three in five Australian security leaders (58 per cent) reporting cyber fatigue within their security or IT teams, employees were stressed or constantly under pressure, leading to weakened defences.

“There is a real risk that businesses are operating with a false sense of security. Leaders believe their teams are ready to tackle threats, but this disconnect is leaving businesses exposed,” Penman said.

Datacom Australia managing director Laura Malcolm said Australian organisations need to be taking advantage of AI-driven efficiencies.

“Our cyber security research shows they also need to be harnessing AI to bolster their security practices, and they must establish business resilience planning, so they have a clear path to recovery after an attack,” she said.