Australian cyber security is on the rise but still lags behind the global average

Security culture is growing in Australia as organisations become more aware of the importance of having strategies that can negate cyber attacks. However, there’s more that can be done.

With the ever-growing presence of artificial intelligence (AI), many businesses have feared that cyber attacks could become more prominent and cause greater devastation towards the organisations that bad actors target. This growing concern has uplifted the urgency of many organisations across Australia to really invest in their cyber security frameworks.

KnowBe4 has announced the release of its 2024 Security Culture Report, which examined how cyber security measures related to the human element affect organisations and the way people act and feel at work.

The report revealed the overall security culture score globally stands at a low-moderate level, a measure based on seven different dimensions of security culture:

• Attitudes
• Behaviours
• Cognition
• Communication
• Compliance
• Norms
• Responsibilities

It was found that in Australia and New Zealand, security culture has increased as a topic of interest, with a welcome addition of business units outside of IT, such as HR. In 2024, Australia recorded a moderate security awareness score of 71 and New Zealand 72, but they continue to trail Europe (73) and North America (73).

KnowBe4 defines security culture as: “The ideas, customs and social behaviours that influence an organisation’s security and reduce human risk.” Security culture can be best understood as the collective mindset, practices and norms that shape how an organisation approaches and prioritises cyber security.”

Getting into the details of the report, the dimension of cognition is low in both Australia (69) and New Zealand (67), which may indicate a lack of ongoing training that would otherwise increase understanding, knowledge, and awareness.

Dr Martin Kraemer, security awareness advocate at KnowBe4, stated: “In the past 12 months, Australia and New Zealand have experienced significant data breaches, including Latitude Financial and Medibank, which have affected millions of people. The growing understanding of the essential role that security culture plays within any successful organisation is encouraging, but there’s more to do.”

“As more people continue to fall victim, and advances like AI add complexity to cyber crime, it is critical for all industries, especially those heavily targeted by cyber criminals, to prioritise security culture and invest appropriately, particularly in reducing human-based risk.”

Building that collective mindset around cyber security from top to bottom is the priority that many organisations are adhering to. Organisations recognise that employees are a key defence against cyber attacks and that leadership needs to develop training strategies for all staff to build a strong security culture.

The report shows that smaller organisations are performing better in their overall security culture compared to larger counterparts, primarily because larger organisations often struggle with efficient leadership communication due to their size, whereas in smaller organisations, individuals often feel more responsible for security.

Overall, creating that team dynamic when it comes to creating a swift defence against bad actors and cyber attacks is imperative. If leaders can ensure top-notch training to all members of the organisation, then those imminent cyber attacks can be easily nullified, bringing Australia closer and possibly above that global average for security culture.