Ransomware attacks are governing the landscape of cyber threats faced by Australian organisations, according to the third annual Global Cyber Confidence Index released by ExtraHop, a prominent name in the field of cloud-native network detection and response. The report indicates that although a significant 91% of IT and cybersecurity decision-makers expressed they are confident in their organisations' cyber risk management abilities, they concurrently recognised an ongoing pattern of falling short in identifying and addressing threats.

The prevalence of ransomware attacks has increased drastically, with cyberattackers being successful in extracting hefty payments. The research discovered that 15% of Australian respondents perceive ransomware as the primary risk their organisations are confronted with, a finding that is supported by nearly half of the respondents admitting they are still operating on at least one insecure network protocol. Remarkably, as many as 82% of the respondents had encountered six or more ransomware incidents in 2023, with 77% of these victims caving to the demands of the attackers and making ransomware payments. In 2023, the study found that ransomware payments alone cost nearly $1.3 million per organisation.

Besides the financial burden, the report highlighted that Australian organisations averaged 62 hours of downtime following a security incident last year - a resource drain that translates into more lost productivity and revenue. Organisations with 1,000-1,999 employees endured the most extended downtime, with nearly 74 hours on average per incident.

When manoeuvring this intricate landscape of cyber risks, Australian organisations are facing an array of challenges that prevent them from managing risks effectively. Impediments include immature risk management processes (24%), a lack of alignment between the cybersecurity organisation and the business (18%), insufficient personnel resources (18%), the inability to catch up in a fast-paced industry (17%), outdated technology (14%), and insufficient budget (9%).

In the face of these hurdles, 37% of respondents agree that deploying AI and machine learning to manage and mitigate cyber risk is at the top of their priorities. Despite this, only about a third of respondents have currently deployed or plan to deploy any individual solution. The most popular solution was extended detection and response (XDR), which unifies the capabilities of best-of-breed endpoint detection and response (EDR), network detection and response (NDR), SIEM, and SOAR solutions.

Almost half of Australian respondents (48%) believe they need more than a 50% budget increase to effectively manage and mitigate cyber risk. "Cyber risks are inevitable and no single organisation is immune to the threat bad actors pose to their business," says Raja Mukerji, co-founder and Chief Scientist at ExtraHop. "With ransomware and downtime on the rise and ripple effects being felt throughout entire organisations, leaders are recognising an inherent need to prioritise cybersecurity, and, better yet, business resilience. With greater visibility into and awareness of the current threat landscape, they can better identify their weaknesses, shore up their defences, and develop an action plan that keeps disruption to employees, customers, and other stakeholders to a minimum."