ANZ businesses overestimate cyber readiness amid resilience gap
The annual report, titled "The State of Data Readiness – Continuous Business in Focus", was commissioned by Commvault and conducted by Tech Research Asia. It draws on the views of 408 business leaders across the region and examines the readiness of organisations to handle cyber threats and maintain business continuity.
The findings reveal a critical difference between perceived and actual resilience. While most organisations believe they have robust plans to recover from cyberattacks, only 12% rate their ability to operate effectively during an incident as 'excellent'. Nearly a quarter rate themselves as 'bad' or 'terrible' when it comes to resilience during a cyber event.
Widespread attacks
According to the study, 70% of organisations in Australia and New Zealand experienced a cyberattack in the past year. Almost all were subjected to ransomware demands. Interestingly, while 54% of surveyed companies have policies not to pay ransoms, 15% of those still made payments when faced with real-world incidents.
Expectations among business leaders around recovery times diverge significantly from reality. 80% expect systems to be restored within five days of a cybersecurity event. Almost a quarter believe their organisation can recover fully in a single day. In practice, IT leaders report it takes an average of four weeks to reach even a minimum level of operational recovery, with 55% of organisations requiring more than a week to restore key functions. Notably, 20% of respondents say it takes their business an average of 45 days to fully recover from a cyber incident, compared to a global average of 24 days.
This mismatch underscores a resilience gap that presents particular challenges for organisations as they confront rising attack volumes and operate within the context of some of the world's strictest cyber and privacy regulations. Growth in cloud adoption and data sprawl, combined with emerging requirements such as artificial intelligence rules and increasing compliance pressures, mean that resilience strategies must continually adapt. "The data is clear - many ANZ organisations still treat cyber resilience as a post-incident task, and not a strategic priority," commented Martin Creighan, Vice President, Asia Pacific. "The rising frequency and impact of cyberattacks across the region should serve as a wake-up call. With recovery times stretching into weeks, the risk to business continuity has never been higher. Resilience must be driven from the boardroom - not just the IT team," added Creighan.
Rising complexity and compliance
While data growth in the region slowed moderately at 27%, the complexity of IT infrastructures increased. 62% of organisations now operate in hybrid or multi-cloud environments. However, over half of companies in both Australia (54%) and New Zealand (63%) report lacking full visibility into their cloud environments, including relationships, metadata, and system dependencies. This level of visibility is necessary for a coordinated and effective recovery when incidents occur.
Compliance issues further complicate recovery efforts. 34% of businesses surveyed are subject to at least four different regulatory and compliance requirements, such as APRA and SoCI rules. 27% admit that they are uncertain about the regulations with which they need to comply to be fully legal. Additionally, 54% face conflicting regulatory regimes for cross-border data transfers, increasing the pressure to achieve resilience not only technologically but also through compliance readiness.
Incident responses lag
The research finds that although the majority (70%) of organisations have incident response plans, only 30% regularly test all mission-critical systems. This lack of comprehensive testing leaves concealed weaknesses in cyber recovery strategies.
The consequences of such gaps can be severe. Three quarters of companies surveyed (74%) have experienced data exfiltration, and one third lost access to all data following a cyber incident. Only 32% managed to recover 100% of their data after an attack. "True resilience doesn't begin at the point of attack, it is built long before," said Gareth Russell, Field CTO, Asia Pacific, Commvault. "We need to shift from a response mindset to a readiness mindset where one must ask the hard questions: 'If we were hit tomorrow, how quickly and how cleanly, could we recover?' If that answer isn't clear, then investment and focus are urgently needed." Added Russell.
The report is based on a survey of Chief Information Officers, Chief Information Security Officers, IT Leaders, decision makers, and their direct reports from across Australia and New Zealand. The snapshot highlights the continuing challenges faced by the region's organisations as they strive to strengthen cyber resilience in an evolving landscape.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
RNZ News
7 hours ago
- RNZ News
Claims a banking class action is under threat from law change
Photo: There are concerns a class action lawsuit against two of our biggest banks will be undermined by a law change going through Parliament. The government introduced a bill to amend the Credit Contracts and Consumer Finance Act at the end of March. Among the changes - the redress for customers if banks or creditors fail in their disclosures. Currently lenders have to refund all fees and interest charged if they were in breach of disclosure laws; what's proposed would see that left to the courts to decide what is 'just' and 'equitable' in any breach. The proposed change comes as over 150,000 customers of ANZ and ASB undertake a class action over breaches made by both banks between 2015 and 2019. But Scott Russell, the lawyer leading the class action , is concerned about the fairness of the law change, given it will apply retrospectively.
RNZ News
8 hours ago
- RNZ News
Iwi businesses out performing many of NZ's largest businesses
New data shows iwi and hapu owned businesses have emerged from the economic downturn in good shape and performing well. The ANZ NZ report shows these commercial entities are performing better than many of this country's largest listed companies for the 2023 -24 financial year. The findings come from long running collaborative research including 10 years of data and involving 38 iwi/hapu entities managing treaty settlement assets. This report from ANZ comes just months after a report by the Ministry of Business, Innovation and Employment into Te Ohanga Maori - The Maori Economy- found that it is a significant, and increasingly important contributor to the wider economy of New Zealand. ANZ's Head of Maori Relationships, David Harrison, joins Kathryn to talk about the latest report's findings. To embed this content on your own webpage, cut and paste the following: See terms of use.
Techday NZ
4 days ago
- Techday NZ
Ben Bach appointed NSW Practice Director at HR Crowd for ANZ
HR Crowd has named Ben Bach as NSW Practice Director as part of its ongoing focus on regionally embedded leadership and reinforcing its Australia and New Zealand operating model. The appointment forms part of HR Crowd's strategy to invest in leadership, delivery capability and deeper client engagement across key markets in the region. Ben Bach will head one of HR Crowd's four regional practices in its ANZ structure, alongside the Northern, Southern, and New Zealand practices. Three specialist capability practices - Advisory, Technology and Innovation, and Time - complement this model. Ben Bach brings 17 years of experience in human capital management transformation, having worked in both public and private sectors. His background includes senior roles at NTT Data Business Solutions and Deloitte, where he led large-scale HR and payroll transformation programmes for clients across a spectrum of industries, including the public sector, consumer, education, mining, utilities, and gaming. Judith Carelsen, Co-CEO of HR Crowd, commented on the significance of the appointment. She said, "We've seen strong and sustained momentum in NSW and Ben's appointment reflects our commitment to scaling in line with that growth and deepening our leadership presence in a market that's been a core part of our business. It's a strategic investment in regional leadership, capability building, and bringing high quality business-aligned HCM transformation expertise closer to our clients. Ben brings energy, depth and a fantastic balance of strategic and delivery capability to our leadership team at exactly the right time in our journey." HR Crowd describes the NSW Practice as one of seven distinct practices - four regional and three specialist - allowing it to support clients across New South Wales through locally embedded leadership. The model is designed to facilitate access to nationwide expertise while enabling scalable delivery and greater proximity to clients. The business notes that the new appointment underlines its broader commitment to business-aligned, people-centred transformation for organisations in Australia and New Zealand. HR Crowd's client base spans government, health, infrastructure and large enterprise organisations across the two countries. Ben Bach expressed his perspective on joining the consultancy, stating, "I'm excited to be joining HR Crowd at such a pivotal moment. What drew me to the business is its combination of specialist HR and payroll expertise, collaborative culture and clear ambition to do things differently. I look forward to working closely with our NSW clients and my HR Crowd colleagues across ANZ to deliver transformation that's truly business-aligned and people-centred." Bach's areas of specialisation include SAP SuccessFactors, payroll, solution architecture, change management, and HR service delivery design. He will be based in Sydney, with responsibility for expanding the consultancy's presence in the region, supporting client engagements, and contributing to the national practice's development initiatives. According to HR Crowd, the regional practices are intended to provide deeper local engagement while aligning with the company's national delivery approach and sector-aligned capabilities. Adrian Everett, Co-CEO of HR Crowd, provided further context on the role of the NSW Practice within the firm's strategy. He said, "HR Crowd was founded to bring a new kind of consulting partnership to market, one that's advisory-led, hands-on, and relentlessly outcomes driven. The NSW Practice is not just a geographic hub, it's a cornerstone of our integrated ANZ model. It plays a critical role in how we support our clients and scale our impact across sectors and states. Ben's appointment reflects our long-term strategy to deepen leadership, accelerate client value, and build regional capability in the markets where we're most active." HR Crowd continues to expand its operations throughout Australia and New Zealand, attributing this growth to its consultative approach and capacity to support complex HR and payroll transformations across sectors. The NSW Practice is expected to play a central role in further anchoring the consultancy's presence in the state while leveraging national resources and expertise.
