New KnowBe4 research has found more than two in three (68 per cent) IT decision-makers feel the government should be doing more to protect Australian businesses from cyber attacks.
The security awareness training provider and simulated phishing platform also found that fewer than half (45 per cent) of Australian IT decision-makers say they are confident they understand their organisation's responsibilities regarding government reporting of cyber incidents and data breaches.
According to Jacqueline Jayne, security awareness advocate for APAC at KnowBe4, the research shows that Australian IT leaders and businesses are not feeling supported by the government when it comes to security issues.
"There is more education required for those in IT about their obligations and commitments but also of the general public about how to stay safe online both at home and at work."
Things IT decision-makers believe the government should be doing include:
Who is responsible?
Jayne further explains the reality is that cyber threats are so pervasive that keeping individuals and businesses safe requires a combined effort from the Government, business leaders, IT departments and employees alike.
"There is no panacea or magic technology solution that will protect your business."
"Everyone needs to be educated about potential threats and how to avoid them," Jayne said.
The KnowBe4 data has also shown fewer than half (45 per cent) of Australian IT decision-makers believe that it is everyone's responsibility to protect the organisation from cyber attacks.
IT decision-makers who are planning on investing in, or spending money towards, cyber security in 2022 are more likely to take responsibility on the company's behalf in comparison to those who do not believe it is the IT department’s responsibility (40 per cent to 15 per cent).
The same group who do not believe it is the IT department's responsibility say it should be the employee’s responsibility (25 per cent).
The employee view:
Given the IT department’s lack of clarity, it is unsurprising that employees are also unaware of who is responsible for cyber security:
However, training regarding cyber security impacts employees' views and makes them more likely to take responsibility for their own role in keeping the organisation safe. Those who have received training are more likely to believe it is the employees’ responsibility (18 per cent) compared to those who have not received training (10 per cent).
In contrast, those who have never received training are more likely to believe it is the IT department’s responsibility (28 per cent compared to 19 per cent).