Australian organisations are underestimating their cyber resilience, with a notable gap between the confidence of leadership and the preparedness of employees, according to a new report from IT service provider Datacom. This disconnect is contributing to a false sense of security in the corporate world, as businesses increasingly face evolving cyber threats.
The State of Cybersecurity Index Australia 2025, based on a survey conducted by Tech Research Asia, reveals that while 79% of security leaders believe their employees are adequately informed about cyber risks, only half of the employees share this sentiment. This highlights a critical divide between leadership and staff regarding the actual state of cyber readiness within organisations.
A further concern identified in the index is that only 38% of security leaders who are developing business continuity or cyber resilience plans have established a clear strategy for responding to cyber incidents. This underscores a significant gap in preparedness for cyber disruptions.
Despite these gaps, nearly all (95%) security leaders believe their cyber security practices are closely aligned with business outcomes, showing a mismatch between perceptions of security alignment and actual readiness on the ground.
AI Adoption and the Growing Risk
The report highlights an emerging challenge with the increasing adoption of artificial intelligence (AI). As businesses integrate AI tools like ChatGPT and Copilot, the need for robust governance frameworks becomes more urgent. The index found that 40% of employees are using AI tools, yet fewer than 25% have reviewed their organisation’s AI security policies. Additionally, 60% of employees are unaware if their company has implemented necessary safeguards for AI usage.
Datacom warns that AI-based cyber-attacks are a major concern for security leaders. Despite this, awareness of AI-specific risks among employees remains low. Only 29% of employees consider cyber security to be a top priority within their organisation, further complicating efforts to safeguard against emerging threats.
“AI is reshaping business processes and driving productivity, but as its adoption grows, security frameworks must evolve to keep pace,” said Collin Penman, Group Chief Information Security Officer at Datacom. “Cyber security investment is critical to ensuring business continuity and building trust. A breach is far more damaging than prevention,” he added.
The current gap in AI preparedness poses significant risks, with the effectiveness of security strategies directly tied to the level of employee awareness and training.
AI’s Double-Edged Sword
Penman also pointed out that while AI is transforming business operations, it is simultaneously empowering cyber criminals to automate and scale their attacks. The use of AI by malicious actors is intensifying, and Australian organisations must be prepared to defend against more sophisticated and automated threats.
Cyber burnout is another growing issue among Australian security leaders. The report reveals that 58% of security professionals are experiencing fatigue, leading to stress and a higher likelihood of lapses in security vigilance.
“There is a real danger that Australian businesses are operating with a false sense of security. Leaders may believe their teams are ready to face cyber threats, but this gap in understanding is leaving organisations vulnerable,” Penman warned.
The Path Forward: Strengthening Cyber Resilience
To address these vulnerabilities, Datacom urges Australian organisations to harness AI not only for business efficiency but also as a tool to enhance their cyber security practices. According to Datacom Australia Managing Director Laura Malcolm, AI-driven efficiencies can support the strengthening of cyber defences, but organisations must also implement comprehensive business resilience plans to ensure they are prepared to recover swiftly in the event of an attack.
“This research underscores the need for Australian businesses to prioritise both AI adoption and the establishment of robust cyber security and recovery frameworks. Without these, organisations risk falling behind in an increasingly hostile cyber environment,” Malcolm said.
As businesses continue to embrace AI, the importance of aligning security practices with innovation becomes more crucial than ever. Cyber resilience is not just about responding to threats—it’s about proactively preparing for the future.
Related Topics:
DMU Support Helps Entrepreneurs Secure Nominations at Business Awards
Metacon Advances Negotiations for Wind-to-Hydrogen Pilot Project
