Ready on paper, not in practice: The incident response gap in Australian organisations
76% of Australian organisations experienced at least one high-impact cyber incident that stopped their critical business functions in the past year. This type of disruption could severely impact business continuity, leading to extended downtime and financial consequences that may escalate into the millions.
To make matters worse, nearly 40% of organisations suffered multiple major incidents in the past year.
It begs the question, why arenʼt organisations' cyber response plans driving stronger business resilience?
The truth is, security teams often build their plans around assumptions rather than real-world threats and trends. That gap becomes painfully obvious during an actual incident, when organisations realise they aren't adequately prepared to respond.
Recent findings of a Semperis study titled The State of Enterprise Cyber Crisis Readiness revealed a strong disconnect between organisations' perceived readiness to respond to a cyber crisis and their actual performance. The study also showed that cyber incident response plans are being implemented and regularly tested, but not broadly. In a real-world crisis, too many teams are still operating in silos.
With the global cost of cybercrime estimated to reach as much as 10.5 trillion dollars in 2025, Australian organisations must invest in their cyber resilience now. Simply hiring more people isnʼt the answer. To drive resilience, organisations need to fix gaps in cross-team communication and coordination, but this is not always a simple task.
The key challenges in launching an effective cyber response
In the survey, Australian organisations were asked if any key factors were blocking their ability to launch an effective cyber response. Only 10% said they didn't face any roadblocks, revealing a common sense of frustration among respondents.
Communication gaps topped the list of roadblocks, and for good reason. Consider a scenario where an organisation has suffered a ransomware or other severe attack, which has disrupted its email and messaging systems, rendering them unusable. Without a dedicated communication tool that sits outside the affected email and messaging server, teams often struggle to communicate effectively. Out-of-date response plans
Organisations were also stymied by outdated or one-size-fits-all response plans. Often, companies in crisis find that their playbooks donʼt reflect the way their business actually operates. Unless incident response plans are tailored to the organisationʼs specific industry and business needs, the results can be chaotic. For example, a generic plan might drive people through an unrealistic escalation path that they canʼt actually implement because it doesnʼt match their technology, staffing, or budget capabilities. Unclear roles and responsibilities
Having unclear roles and responsibilities can further add to the chaos. To stop breaches from threatening crucial systems and services - and even causing denial of cyber insurance claims - incident response actions must be followed in a specific order by specific people, sometimes including those outside of IT and cybersecurity. However, many companies struggle with this during a crisis.
Three ways to improve your cyber response plan
A cyber crisis response plan must be executable at a moment's notice, whatever the threat. That is where practice comes in.
1. Tailor the plan to your organisation's specific needs
To ensure that your playbooks are tailored to the specific cyber challenges of your industry and organisation, you need to determine: Your risk tolerance: What is an acceptable level of cyber risk your organisation can withstand, quantified in terms of potential impacts, such as downtime or financial loss? The risk tolerance of a retail store will be very different to a hospital.
Identify your most critical assets and Tier 0 resources: What are your crown jewels that, if compromised, could lead to a complete takeover or severe disruption of your operations?
Dedicate roles to carry out specific actions in a specific order - not just for IT operations and cybersecurity leadership, but also for other critical business unit leaders, and even Board stakeholders.
2. Practise, practice, practice!
A robust, integrated, and well-practiced cyber crisis response plan is paramount for cyber and business resilience. After all, the faster you can respond and recover, the less severe the financial impact of a cyberattack will be.
Organisations can increase their agility by conducting tabletop exercises that simulate attacks. By practicing incident response regularly and introducing a range of new scenarios of varying complexity, organisations can train for the real thing, which can often be unpredictable. Security teams can continually adapt their response plans
based on the lessons learned during these exercises, and any new emerging cyber threats.
3. Implement dedicated out-of-band communication tools
In the event of a cyber-attack, an organisation's primary communication systems including email servers and collaboration tools may be compromised or unreliable. That's why having a secure, out-of-band communication channel that can be activated during a crisis is not optional, but essential.
The takeaway:
Cyber criminals donʼt wait for organisations to be ready - they strike when they least expect it. Having a thorough, well-tested incident response plan is the best way to improve operational resilience at a time during times of need.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Scoop
10 hours ago
- Scoop
Spark sells majority stake in data centre arm
In this newsletter: Spark sells 75 percent of data centre business Motorola releases range of satellite ready handsets RCG wins social impact award One NZ climate goals get international backing Pacific Equity Partners takes majority data centre stake Australian private equity firm Pacific Equity Partners (PEP) has purchased 75 percent of Spark's data centre business. The transaction is made up of $486 million in cash and an additional $98 million if the business meets performance targets by the end of 2027. Spark says it will use the money to pay down debt. The deal values Spark's data centre business at around $700 million. Spark CEO, Jolie Hodson, says, 'Through this partnership we will realise value for our data centre assets in the short term, while also continuing to participate in the growing market through our 25% retained stake – creating further value for our shareholders over the long term.' Standalone data centre business Hodson says Spark's data centre assets and operations will be moved into a new standalone business. Its working title is DC Co. The new firm will have its own board, management team and finance. Private equity firms like PEP rarely hold on to assets long-term. Which suggests it could prepare the business for a future trade sale. For now, DC Co has 11 data centre sites across New Zealand and 23MW of capacity. There are advanced plans for a new development at Dairy Flat on Auckland's North Shore and extensions at the company's Takanini site in South Auckland. New Zealand data centre projects On paper there is a wave of investment in new data centres in New Zealand although some projects appear stalled. AWS formerly promised it would open a major data centre in 2024. It has yet to deliver and there are reports work at the site has halted. Meanwhile DataGrid's planned $2 billion investment in a Southland site along with a new submarine cable is still waiting for its resource consent. For Spark, the deal is an opportunity to reduce the company's $2.7 billion telcos like Spark have struggled to remain profitable in the last two decades. Digital services mean the lucrative parts of the business are hollowed out as customers switch to cheaper alternatives. Meanwhile, regulatory and government pressure to make telecommunications more competitive mean lower margins in mobile and broadband. When Spark first announced it was looking for a data centre partner in February, Spark chair Justine Smyth warned: 'The scale and pace of deterioration in trading conditions we have experienced over the last year has been substantial'. Motorola introduces mobiles with One NZ satellite support motorola edge 60 fusion. One NZ has begun selling four new Motorola mobile phones. All models are 4G and 5G compatible and can work with One's direct to mobile satellite service. The top of the line motorola razr 60 is a $1400 flip phone. Also new this week are Motorola's $800 edge 60 fusion and the $1300 edge 60 pro. The company bills it $430 moto g56 5G as a 'no fuss, durable phone'. Also on sale at One NZ is the $226 moto g05. In 2016 the Motorola brand was picked up by Chinese computer maker Lenovo. Until last year the brand has been invisible in New Zealand although it was once a popular brand with models such as the moto x. One of the features that stands out is the phone's te reo Māori functionality and a fully localised te reo user interface. In other news... Vital presses remaining shareholders to back Tait Communications takeover — BusinessDesk (behind paywall) Finish line in sight for $770M rural connectivity programme — Reseller News Fifa World Cup rights could help TVNZ achieve pay-TV goal — The Post Australian court rules Apple and Google app stores are uncompetitive — Australian Financial Review The end of the line for AOL's dial-up internet service — The Guardian RCG's Ian Hooker, CEO, Steven Waters, Allison Bailie and Caitlin Metz with the Social Impact Award. RCG wins infrastructure social impact award The Rural Connectivity Group won Infrastructure New Zealand's 2025 Social Impact Award. The network-builder earned the award for its work bridging the urban-rural digital divide. Set up by Vodafone (now One NZ), Spark and 2degrees as a joint venture, the RCG has built 563 new mobile towers in rural areas and along regional highways. Its work even extends to the Chatham Islands. The RCG has connected 33,000 homes to modern communications technologies including broadband. In many cases users have a choice of service provider. One NZ climate targets gain global validation Science Based Targets initiative (SBTi) has verified One NZ's greenhouse gas reduction targets. The SBTi confirms the company's approach aligns with the 1.5°C warming pathway under the Paris Agreement. One is the first New Zealand telco to commit to absolute near-term cuts for Scope 3 emissions. The company says it cut combined Scope 1, 2 and selected Scope 3 emissions by 64 percent in the 2025 financial year. This include a 94 percent drop in electricity-related emissions after switching to renewable electricity. It says AI-powered network optimisation saved 16 gigawatt hours of electricity. One NZ's targets include cutting Scope 1 and 2 emissions by 42% percent and Scope 3 emissions by 42 percent by 2030. It aims to moving to 100 percent renewable electricity use over the same period. Five years ago: N4L checks school networks before exams New Zealand's NCEA exams moved online as a response to the Covid-19 pandemic and Network for Learning offered to help schools check their internet connections were up to the task. Auckland was in lockdown which meant another data traffic peak on the Chorus network. One year ago: ComCom report charts Starlink impact The Commerce Commission's 2024 Monitoring Report focused on the profound impact SpaceX's Starlink satellite broadband network had on rural communications. Share Download Weekly — Feel free to pass this email on to your colleagues. Have your say. If you're a subscriber, you can comment on any newsletter or story on the website. Just scroll to the bottom of the page. Reader emails are also welcome. The Download Weekly is supported by Chorus New Zealand. Spark sells majority stake in data centre arm was first posted at
NZ Autocar
19 hours ago
- NZ Autocar
Some EVs fall short on claimed range
An Australian motoring group, the AAA, has found that some EVs fall short of advertised range by almost one-quarter. However, others come close to lab test results in the real world. The Australian Automobile Association tested vehicles from Tesla, BYD, Kia and Smart in a bid to give consumers more accurate information on real-world range. The government-funded programme revealed that the true driving range of five popular electric vehicles is between five and 23 per cent lower than results from laboratory testing. Most though were under 10 per cent out. These are the first EVs the AAA has evaluated in its four-year, federally funded Real World Testing Programme. It is designed to give consumers more accurate information on real-world vehicle performance. The extended range variant of the BYD Atto3 had the largest variance, according to the AAA, with a real-world range of 369km. That was 23 per cent lower than the 480km achieved in laboratory testing. The Smart #3 had the lowest discrepancy, out by only five per cent. Tesla's Model 3 had a real-world range 14 per cent lower than suggested. Meantime, sibling Model Y and the Kia EV6 both had a real world range variance eight per cent below predicted. Despite the variations, both the AAA and electric vehicle industry representatives said the results should reduce range anxiety among consumers looking to buy an EV. The Electric Vehicle Council industry body's Aman Gaur said the AAA's results should 'give confidence that EVs have more than enough range for everyday' use. He added that the average person drives around 33km per day. This means that an EV with a range of 350km can be driven for more than 10 days before needing to be recharged. The results provide more reassurance than recent AAA tests on 114 petrol, diesel and hybrid vehicles. Results showed that 77 per cent used more fuel than advertised. One in five also produced more emissions than lab tests suggested they should. The AAA's managing director, Michael Bradley, said that the Real World Testing Program had found consumers couldn't always rely on the laboratory tests as an indicator of real-world performance. 'As more EVs come on stream, our testing will help consumers understand which new market entrants measure up on battery range' he said. Vehicles involved complete a 93km circuit of urban, rural and highway roads around Geelong in Victoria, using protocols based on European regulations. For electric vehicles, the program also measures how much electricity is needed to operate the vehicle during the test. While the five EVs involved used more energy in real-world driving conditions than in the lab, that's not surprising. 'Given the unpredictable nature of driving, it's inherently challenging for manufacturers to provide real-world estimates.' A spokesperson from smart EVs said: 'To achieve such a low five per cent variation is, we consider, a testament to the leading battery and overall EV technology that underpins the smart brand.' 'We thank AAA for the work they undertook to give consumers a real-world view of the performance of EVs that, hopefully, further alleviates any residual range anxiety and helps to act as incentive to experience the future of urban motoring.'
1News
20 hours ago
- 1News
Could a four-day week be the future of work for more businesses?
A four-day working week might sound like a dream, but for some businesses, it's already a reality - and the pressure to make it the norm seems to be growing on the other side of the Tasman. Now, Australia's biggest union body is calling for the model to become the norm, reigniting debate across the ditch and prompting comparisons to New Zealand's early trials. The Australian Council of Trade Unions (ACTU) is leading the charge, saying a shorter work week without a pay cut can lead to higher productivity and a better quality of life. 'You get better performance. Workers are healthier. They've got a better life balance,' said ACTU president Michelle O'Neil. ADVERTISEMENT But the proposal hasn't landed well with everyone. Business groups are pushing back, questioning whether reduced hours are realistic without corresponding gains in productivity. 'Do you want a pay rise or do you want reduced working hours? They have to be based on the achievement of real productivity gains,' argued Andrew McKellar, CEO of the Australian Chamber of Commerce and Industry. Some Australian politicians, including the Greens, are backing the move - citing international and local examples where shorter weeks have delivered results. 'The trials that are underway in Australia and around the world tell us that you can be more productive with a shorter working week,' said Greens Senator Barbara Pocock. Australian Prime Minister Anthony Albanese is open to the discussion, but says it's not yet government policy. 'There's other measures that will feed into next year's budget… there's other things that could be for a future term of government,' he said. Australian PM Anthony Albanese is declining to commit to the idea. (Source: 1News) ADVERTISEMENT And while the concept is gaining momentum, not everyone is convinced the timing is right. 'The smaller the economy, the more the Australian people will feel poor,' said Ted O'Brien, Australia's Shadow Treasurer. Some in NZ ahead of the curve Here in Aotearoa, the idea is far from new. In 2018, Perpetual Guardian made headlines as one of the first companies in the world to trial and later adopted a four-day working week. The results showed improved productivity, better staff wellbeing and higher engagement. Since then, other New Zealand companies have experimented with different variations of flexible work. Mana Communications, a small PR agency, introduced a nine-day fortnight in 2020 and says the benefits have been tangible. 'It just gives you a day where you can do your shopping, do your laundry, do your life admin and still have a full weekend,' said managing director Caleb Hulme-Moir. ADVERTISEMENT 'I was able to do a course that I've always wanted to do on our Mondays off, something that I didn't have time for previously,' added account executive Leilani Wright. Both say they believe more businesses on both sides of the Tasman should give it a go. 'Absolutely think more businesses in Australia and New Zealand should take up this idea,' said Hulme-Moir. 'I think if we can do it, anyone can do it and just start with a nine-day fortnight and see the productivity grow,' added Wright. As Australia's unions ramp up the pressure, and trials continue to show positive outcomes, attention is once again turning to New Zealand's workplace future and whether more companies here might soon make the switch. The future of work might just start with an extra day off.
