Meet our cohorts

We surveyed 300 professionals working in IT and in other business functions. Respondents included 250 decision-makers across IT and cybersecurity who were surveyed in Australia, and 50 in New Zealand.

Work from home

  • 73%

    Of 73% of the respondents working in a hybrid model—some worked days remotely with other days worked in the office.


    More than four in five organisations (81%) have staff working from home, out of which 75% agree that maintaining a secure work environment is more challenging when employees are working from home or anywhere.

  • The top three concerns respondents have about cybersecurity, and employees working from home are:

    • 58%

      Unsecured Wi-Fi networks

      Unsecured Wi-Fi networks
    • 44%

      Risks due to personal devices and personal use of corporate devices

      personal devices
    • 41%

      Phishing attacks

      personal devices

Essential Eight

Essential Eight

Of the respondents, 63% said that they are not aware of, or don’t know about the Essential Eight framework.

Out of the 63% responding, 43%are working in C-suite or senior management roles, and

35%cite cybersecurity as their primary role.

Essential Eight

Cyber resilience

  • 55%

    Out of the 55% who are familiar with the term cyber resilience, 76% of respondents said their organisation has a cyber resilience policy, and 24% of IT decision-makers said their organisation didn’t have a cyber resilience policy, or they didn’t know if it had one.

  • 82%

    Of the 82% of respondents whose specific role is cybersecurity that were aware of cyber resilience, 88% of this group said their organisation has a cyber resilience policy.

  • 55%

    Out of 55% who are familiar with cyber resilience, 51% of respondents said less than 24 hours is defined as 'return to normal' in their cyber resilience plan/strategy.

  • 74%


    Of the respondents, 74% said their organisation has not paid a ransom to recover data, 10% say they have paid a ransom.

  • The top three concerns implemented in most organisations are:

    • Cyber awareness and training

      Cyber awareness and training
    • Cyber risk and threat management

      Cyber risk and threat managemen
    • Incident response and recovery plan

      Incident response and recovery plan

Data retention

Data breaches


In light of the recent high-profile breaches, this survey has tested the knowledge and readiness of ANZ organizations with regards to cyber resiliency and security. Responses from the research participants determined these findings:

  • Most organizations show complacency in cybersecurity, undeterred by their lack of knowledge about the required best practices.
  • The cybersecurity breaches that are recorded might, inadvertently, understate the damaging effects it can have on an organization.
  • Organisations recognising the importance of PII best practices has spurred the need for proper retention and management measures.
  • Concerns linger around cybersecurity in the wake of the hybrid-working model, that can serve as an attack surface for cyberattacks.
  • Although the Essential Eight is an established concept, many organisations are unaware of the framework, or that it should be immediately implemented to safeguard their IT infrastructure.
  • Many organisations have an inadequate cyber resilience policy that translates into low confidence in ransomware recovery.
  • This report about the state of cyber resilience in ANZ can serve as the starting point for achieving a cyber secure organisation.

Get the full story

Prepare your organisation for the digital workplace of the future.

Download the report
Guide download

Download the report

Name* Please enter the name
Business email* Please enter the valid email

By clicking ‘Get my copy’, you agree to processing of personal data according to the Privacy Policy.