Survey reveals urgent need for prioritisation of network and security architecture transformation and adoption of a Zero Trust ‘Resilient by Design’ approach for cyber resilience strategies in the face of inevitable future attacks
- 75% of Australian organisations expect to experience a significant failure scenario in the next year.
- 97% of Australian IT leaders ‘believe’ their current cyber resilience measures are effective, yet ransomware attacks continue to rise and cost organisations billions of dollars per year.
- But only 32% say their cyber resilience strategy is up-to-date in preparation for modern attacks in response to the rise of AI
- Australian organisations must more closely examine their ability to respond to advanced cyber breaches, which allow threat actors to access systems, move laterally, and steal sensitive data.
COMPANY NEWS: A global survey from Zscaler, the leader in cloud security, has revealed a critical disconnect between IT leader confidence in their organisation’s ability to weather upcoming failure scenarios like cyberattacks and the effectiveness of current security approaches. According to the survey conducted by Sapio, which incorporated responses from 1,700 IT decision makers across 12 countries, almost half (47%) of Australian IT decision makers believe their IT infrastructure is highly resilient and 97% think their current cyber resilience measures are effective.
Contradicting this confidence, almost one-third (32%) of Australian IT leaders haven’t reviewed their cyber resilience strategy in over six months, and only 32% report their strategy is up-to-date in preparation for modern attacks in response to the rise of AI–showing a disconnect between the level of confidence and taking action. The threat landscape evolving and the devastating impact of ransomware attacks, with Australia ranking as the seventh most targeted country, organisations must evaluate their ability to respond to and plan for attacks– making it crucial to transition to a zero trust architecture.
Cyber resilience requires greater prioritisation and urgency from leadership
Examining the disconnect between confidence levels and current strategies highlights a lack of investment from organisational leadership as a key friction point. Australian respondents indicate that a majority of leaders understand the growing importance of having a robust cyber resilience approach, but only a minority (35%) believe it is one of their leaders’ ‘top priorities’. This prioritisation is reflected in the amount of budget assigned to cyber resilience strategies, with over half (52%) agreeing that the level of investment doesn’t meet the escalating need. From a total cost of ownership perspective, this suggests that spending additional funds on a legacy security model that isn’t working requires a new approach which can be accomplished with zero trust.
It is also evidenced by the lack of cyber resilience involvement from leadership. For most organisations, the burden of cyber resilience planning falls to IT leaders and their teams. Only 39% of Australian IT leaders say they have the CISO, for example, actively participating in any resilience planning. Further evidence of cyber resilience being siloed is the fact that only 33% of IT leaders say their cyber resilience strategy is included within their organisation’s overall resilience strategy.
“The possibility of a major failure scenario for organisations is not an ‘if’ but ‘when’, as the statistics in our report show,” said Jay Chaudhry, CEO, Chairman and Founder, Zscaler. “It proves the need for proactive resilience to combat and mitigate inevitable incidents before they become a significant issue for business continuity. Proactive resilience is essential to address incidents before they threaten business continuity. Cyber resilience is foundational to overall business resilience, and outdated firewalls and VPNs allow persistent attacks, making a zero trust architecture crucial for defending against advanced threats. Leadership must collaborate with IT teams to develop a strong cyber resilience strategy based on Zero Trust, preparing for and mitigating the impact of sophisticated AI-driven attacks. We call this becoming ‘Resilient by Design’.”
Prevention is overprioritised compared to response & recovery
Over half (53%) of Australian IT leaders believe their organisation overly prioritises prevention – with splits showing that over two fifths (43%) of cyber security strategies and budgets are focused on prevention, at the expense of response or recovery. This suggests that most organisations are not prepared for what would happen if a failure occurred and would struggle to recover business operations as quickly as needed. Even among those organisations focusing their efforts on prevention, fewer than half are deploying each of the following proactive security tools to contain the blast radius of cyberattacks and mitigate further damage: risk hunting (41%), Zero Trust micro segmentation (32%,) and deception technologies (34%).
“With the evolving threat landscape and our report finding 48% of Australian organisations experienced a significant failure scenario in the past six months, a robust and proactive resilience strategy is now more critical than ever,” said Eric Swift, Vice President and Managing Director, ANZ at Zscaler. “We’re regularly identifying Australia among the top targeted countries for ransomware, phishing, and encrypted attacks, and with the report showing 75% of organisations are anticipating a breach, the ‘Resilience Factor’ is crucial. The Australian government’s recent direction to prevent installation and use of DeepSeek from all government devices, citing security concerns, underscores the importance placed on national resilience. This decisive action reflects a broader commitment to safeguarding against emerging threats and highlights the necessity for organisations to align their security frameworks with evolving regulations to enhance resilience in an increasingly complex threat landscape.”
A Zero Trust architecture enables a ‘Resilient by Design’ approach
To mitigate cyber resilience risk, organisations should embed visibility and control into their security strategy. Understanding failure scenarios more quickly and thoroughly based on the insights from an AI-powered cloud security platform to mitigate the blast radius of an incident strengthens the resilience posture. This outcome is what Zscaler enables with a ‘Resilient by Design’ approach. Because cyber threats evolve and advance so quickly, Zscaler leverages AI to dynamically adjust access based on changing risk. The Zscaler Zero Trust Exchange reduces risk across all four stages of the attack chain and supports a ‘Resilient by Design’ approach:
- Minimise the attack surface
- Prevent initial compromise
- Eliminate lateral movement
- Stop data loss
The full survey report, ‘Unlock the Resilience Factor: Why Resilient by Design is the Next Cyber Security Imperative’ can be downloaded via this link.
Zscaler Cyber Resilience Report Methodology
In December 2024, Zscaler commissioned Sapio Research to conduct a survey of 1,700 IT decision makers (IT leaders) across 12 markets (Australia, France, Germany, India, Italy, Japan, Netherlands, Singapore, Spain, Sweden, UK & Ireland, US). These IT leaders work at companies with 500+ employees and across industries.
About Zscaler
Zscaler (NASDAQ: ZS) accelerates digital transformation so customers can be more agile, efficient, resilient, and secure. The Zscaler Zero Trust Exchange™ platform protects thousands of customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Distributed across more than 150 data centers globally, the SSE-based Zero Trust Exchange™ is the world’s largest in-line cloud security platform.