74% of Australian and New Zealand Organizations Suffered a Breach in the Past Year, with 41% Experiencing Multiple Breaches

SYDNEY – November 7, 2023 – New research from Armis, the asset intelligence cybersecurity company, found that Australia and New Zealand organizations are facing unprecedented cyber risk, with 74% of companies having suffered a breach in the past year as part of a cyberattack, and 41% admitting they faced multiple breaches during the same period. Financial loss (42%) and operational downtime (41%) were the most common consequences these organizations experienced after being breached.

In an effort to address evolving cybersecurity threats and improve the lack of oversight of the operating environment, Cybersecurity and IT decision-makers in Australia and New Zealand are on average, using a combination of 13 different asset management tools while gathering data from 10 distinct threat intelligence sources. This influx of diverse data sources, combined with low levels of automation, presents a challenge when it comes to prioritizing and effectively directing proactive and reactive cybersecurity efforts.

“In the wake of two significant cyberattacks within the region, both the public and private sectors are taking substantive steps to optimize around cyber resiliency,” said Curtis Simpson, CISO at Armis. ”As businesses look to invest in technologies at scale, it’s important to ensure that business resiliency remains a core requirement. Understanding how technical assets relate to business systems and value streams and how they ultimately roll up to the broader business capabilities and strategies is critical to ultimately driving the right proactive and reactive priorities.  This in turn allows for greater resilience and the enhanced protection of an organization’s overall attack surface.”

Key findings from Armis’ research, commissioned with Vanson Bourne, include:

Organizations are challenged with limited actionable threat intelligence and disjointed threat intelligence sources, complicating their vulnerability prioritization and remediation efforts.

• Companies in Australia and New Zealand, on average, have automated or orchestrated only 49% to 53% of their processes related to threat intelligence. This indicates that a substantial portion of the work required to leverage intelligence sources remains a manual effort.
• To add, only 55% of the information gathered from threat intelligence sources is actionable, on average.
• Nineteen percent of organizations report feeling overwhelmed by cyber threat information.
• Identification and remediation of high-risk vulnerabilities was listed by respondents as the foremost priority in Australia and New Zealand this upcoming year.

Unmonitored assets and a lack of oversight into employee owned devices are creating blind spots in company environments.

• On an average business day, over 57,000 physical and virtual assets are connected to the organizational networks of Australian and New Zealand businesses. Regional respondents shared that only 57% of these assets are monitored, leaving 43% unmonitored.
• Asset attributes information like asset location or support status is only reported for around 57% of company assets.
• Control over the attack surface continuously grows more complicated by employees increasingly bringing their own assets into the business environment. Over half (55%) of organizations in Australia and New Zealand reported lacking complete control and management personally provided devices connected to the company network.
• Additional gaps in the enforcement of BYOD policies add to this complexity: 23% of respondents report having an official BYOD policy that it is not enforced across all employees, while 28% say they either have guidelines that employees are encouraged to follow or admit they don’t have any policies or guidelines around BYOD.
• When asked how often employees within their organization download software and applications onto connected assets in the business environment, Australia and New Zealand respondents reported the highest percentage of occurrences within (80%) – further complicating the efforts of security teams.

“The threat landscape is constantly evolving, affected by global trends such as the explosion of connected assets and remote work models,” said Jeroen Nooijen, Regional Vice President, EMEA and APJ, Armis. “To manage the complex and challenging security environment created by these changes, and the related risks introduced, organizations need to ensure they are proactive in their security strategy based on the needs of the business in real-time. Only by seeing, securing and managing the entirety of their environment on an ongoing basis can companies truly protect their most critical systems and assets.”

To read the full research report from Armis, including a global view of this data and comprehensive breakdown for each region, please visit: https://www.armis.com/attack-surface-management

Learn about how Armis Centrix™, the AI-powered cyber exposure management platform, is enabling organizations to address these critical cybersecurity challenges here: https://www.armis.com/platform/armis-centrix/

Methodology and Demographics
Armis commissioned independent market research agency Vanson Bourne to conduct research into attack surface management within enterprise organizations. The study surveyed 900 IT security and IT decision-makers in May and June 2023 from organizations with 1,000 or more employees including 100 Australia and New Zealand respondents and others across the U.S., U.K., Germany, France and Singapore. Respondents were from organizations across all public and private sectors. All interviews were conducted using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.

About Armis
Armis, the asset intelligence cybersecurity company, protects the entire attack surface and manages the organization’s cyber risk exposure in real time. In a rapidly evolving, perimeter-less world Armis ensures that organizations continuously see, protect and manage all critical assets. Armis secures Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society stay safe and secure 24/7. Armis is a privately held company headquartered in California.