Latest news with #Creighan
Techday NZ
08-07-2025
- Business
- Techday NZ
ANZ businesses overestimate cyber readiness amid resilience gap
A new study by Commvault has shown that most business leaders in Australia and New Zealand overestimate their preparedness for cyberattacks, with many experiencing confusion and delays following incidents. The annual report, titled "The State of Data Readiness – Continuous Business in Focus", was commissioned by Commvault and conducted by Tech Research Asia. It draws on the views of 408 business leaders across the region and examines the readiness of organisations to handle cyber threats and maintain business continuity. The findings reveal a critical difference between perceived and actual resilience. While most organisations believe they have robust plans to recover from cyberattacks, only 12% rate their ability to operate effectively during an incident as 'excellent'. Nearly a quarter rate themselves as 'bad' or 'terrible' when it comes to resilience during a cyber event. Widespread attacks According to the study, 70% of organisations in Australia and New Zealand experienced a cyberattack in the past year. Almost all were subjected to ransomware demands. Interestingly, while 54% of surveyed companies have policies not to pay ransoms, 15% of those still made payments when faced with real-world incidents. Expectations among business leaders around recovery times diverge significantly from reality. 80% expect systems to be restored within five days of a cybersecurity event. Almost a quarter believe their organisation can recover fully in a single day. In practice, IT leaders report it takes an average of four weeks to reach even a minimum level of operational recovery, with 55% of organisations requiring more than a week to restore key functions. Notably, 20% of respondents say it takes their business an average of 45 days to fully recover from a cyber incident, compared to a global average of 24 days. This mismatch underscores a resilience gap that presents particular challenges for organisations as they confront rising attack volumes and operate within the context of some of the world's strictest cyber and privacy regulations. Growth in cloud adoption and data sprawl, combined with emerging requirements such as artificial intelligence rules and increasing compliance pressures, mean that resilience strategies must continually adapt. "The data is clear - many ANZ organisations still treat cyber resilience as a post-incident task, and not a strategic priority," commented Martin Creighan, Vice President, Asia Pacific. "The rising frequency and impact of cyberattacks across the region should serve as a wake-up call. With recovery times stretching into weeks, the risk to business continuity has never been higher. Resilience must be driven from the boardroom - not just the IT team," added Creighan. Rising complexity and compliance While data growth in the region slowed moderately at 27%, the complexity of IT infrastructures increased. 62% of organisations now operate in hybrid or multi-cloud environments. However, over half of companies in both Australia (54%) and New Zealand (63%) report lacking full visibility into their cloud environments, including relationships, metadata, and system dependencies. This level of visibility is necessary for a coordinated and effective recovery when incidents occur. Compliance issues further complicate recovery efforts. 34% of businesses surveyed are subject to at least four different regulatory and compliance requirements, such as APRA and SoCI rules. 27% admit that they are uncertain about the regulations with which they need to comply to be fully legal. Additionally, 54% face conflicting regulatory regimes for cross-border data transfers, increasing the pressure to achieve resilience not only technologically but also through compliance readiness. Incident responses lag The research finds that although the majority (70%) of organisations have incident response plans, only 30% regularly test all mission-critical systems. This lack of comprehensive testing leaves concealed weaknesses in cyber recovery strategies. The consequences of such gaps can be severe. Three quarters of companies surveyed (74%) have experienced data exfiltration, and one third lost access to all data following a cyber incident. Only 32% managed to recover 100% of their data after an attack. "True resilience doesn't begin at the point of attack, it is built long before," said Gareth Russell, Field CTO, Asia Pacific, Commvault. "We need to shift from a response mindset to a readiness mindset where one must ask the hard questions: 'If we were hit tomorrow, how quickly and how cleanly, could we recover?' If that answer isn't clear, then investment and focus are urgently needed." Added Russell. The report is based on a survey of Chief Information Officers, Chief Information Security Officers, IT Leaders, decision makers, and their direct reports from across Australia and New Zealand. The snapshot highlights the continuing challenges faced by the region's organisations as they strive to strengthen cyber resilience in an evolving landscape.
NDTV
25-06-2025
- Business
- NDTV
Australian Companies Recover Faster With Tougher Regulations After Cyberattack: Study
Australian companies have sharply reduced the time it takes to recover from cyberattacks, a sign of improved preparedness amid heightened regulatory pressure following high-profile breaches at Optus and Medibank. Businesses in Australia and New Zealand now take 28 days on average to recover from an incident, down from 45 days a year earlier, according to a survey of 408 IT executives that was shared exclusively with Reuters. That still trails the global average of 24 days. "I do put that down to the fact that organisations and enterprises are getting more aware," said Martin Creighan, Asia-Pacific vice president at U.S. data protection firm Commvault, which commissioned the survey. "I also put it down to the fact that the regulators are being more stringent and more strict on what their requirements are," he added in an interview. Australia introduced mandatory breach disclosures and cybersecurity compliance reporting after 2022 attacks on Optus, owned by Singapore Telecommunications, and Medibank exposed millions of customer records. The country's cybercrime agency reported the average self-reported cost of cybercrime per business fell 8%, including an 11% drop for large firms, in the year to June 2024. Despite improved recovery times, fewer than a third of firms could respond effectively to an attack, and 12% had no formal response plan, showed the survey by Commvault which counts some of Australia's biggest banks and government departments as clients. Over half lacked full visibility of where data was stored or how systems were connected, the survey found. Creighan said cybersecurity was no longer confined to company tech departments and he had seen a rise in requests to brief boards on cyber resilience "because they're worried about the regulation landscape".
