Australia, New Zealand invest AUD $7 million in cyber education
Australia and New Zealand have ranked third globally for phishing vulnerability, with a baseline Phish-prone Percentage (PPP) of 36.8% according to KnowBe4's 2025 Phishing by Industry Benchmarking Report.
The report provides an analysis of cybersecurity readiness based on how likely employees are to fall victim to social engineering or phishing attempts. The PPP metric, developed by KnowBe4, reflects the percentage of users who are susceptible to phishing prior to any security training. For Australia and New Zealand (ANZ), this baseline figure of 36.8% is higher than both the global average of 33.1% and the European average of 32.5%.
KnowBe4's study draws on data from 67.7 million simulated phishing exercises conducted among 14.5 million users in 62,400 organisations worldwide. Employees underwent a programme of security awareness training, with their PPP tracked at intervals of ninety days and again after more than a year, to evaluate the effectiveness of ongoing training in reducing cyber risk.
The findings highlight a marked improvement in resilience to phishing threats following sustained training. Within the first ninety days of awareness training, the average PPP in the region dropped from 36.8% to 19.9%. After twelve months, this figure declined further to just 4.9% on average. KnowBe4 noted that these results are consistent with global patterns, where ongoing security awareness initiatives play a substantial role in strengthening defences against cyber attacks.
Large organisations in Australia and New Zealand were identified as the most susceptible globally, with an initial PPP of 44.6%. The report shows these organisations reduced their risk dramatically to 4.7% after a year of continuous security awareness training. The data also indicated that the critical infrastructure and banking sectors were the most vulnerable to phishing in the ANZ region at the outset of the study.
Government action in response to the findings has included an investment of AUD $7 million, distributed among 200 recipients, to support community-level cyber education initiatives. This forms part of broader efforts to build long-term resilience, which also include legislative measures to address the increasing sophistication of cyber threats targeted at critical infrastructure sectors.
International cooperation has become a core strategy in the region's response to cyber challenges. Australia and New Zealand have engaged with partners through the Five Eyes security alliance and invested in developing a skilled cybersecurity workforce as part of their approach to strengthening organisational and national resilience.
Erich Kron, Security Awareness Advocate at KnowBe4, commented on the results: "Our report shows that large ANZ organisations began with the highest phishing vulnerability globally at 44.6% yet achieved a remarkable reduction to just 4.7% after ongoing training. The most significant shift we are seeing is the growing recognition by the Australian government of the critical role that community-level education plays in building a resilient cyber ecosystem, evidenced by their AUD $7 million investment across 200 recipients. While progress is being made, it is clear from the data in the report that sustained security training is essential to drive long-lasting change."
The KnowBe4 report reiterates the importance of regular, comprehensive security training in reducing individuals' susceptibility to phishing and social engineering, particularly within sectors deemed high risk. The report underlines the necessity of a multifaceted approach that combines education, government policy, industry collaboration, and workforce development to address the persistent risk posed by phishing attacks in the region.
Follow us on:
Share on:
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Otago Daily Times
2 days ago
- Otago Daily Times
Tug sent abroad to make way for new boat
For more than two decades the tug boat Otago has been a familiar sight, plying the Otago Harbour channel with large ships in tow. But next week it will be given a fond wave by Port Otago staff as it is hitched to the stern of a ship and towed across the Tasman to Sydney. Port Otago marine and infrastructure general manager Grant Bicknell said it had been sold to an Australian commercial marine towage service and would eventually be based in Cairns. All of its windows have been boarded up to handle big-sea conditions and it was expected to depart on Wednesday. He said Otago was sold so the port could buy a new $15 million 70-tonne Damen ASD 2312 tug. The purchase is part of Port Otago's strategy to be New Zealand's "always open" port, capable of handling the biggest ships visiting the country. Port Otago chief executive Kevin Winders said the new tug was a key piece of infrastructure that would allow the port to be big-ship capable. "We already have the three other essential components in place — the multi-purpose wharf, at 430m long and a berth depth of 14m; consent to deepen the Lower Harbour channel to 15m and a new state-of-the-art dredge on order. "By January 2026 we will also have the tug fleet we need — that is a fleet capable of handling container vessels up to 10,000TEU and larger bulk ships. "It's also relevant that these bigger vessels have lower carbon footprints per container movement." It would join the tug Taiaroa (a Damen 70-tonne bollard pull) and tug Arihi (a 30-tonne bollard pull). Mr Bicknell said to manoeuvre a 10,000TEU container vessel in the swing basin and on to the Multipurpose Wharf required two 70-tonne bollard-pull tugs. Alongside the capability advantages, the upgrade also reduced the tug fleet's maintenance risk and provided a better carbon outcome, he said. "The Damen tug's modern Euro 6 diesel engine uses two-thirds as much fuel as the 21-year-old Otago. "It has excellent manoeuvrability because of its compact shape, patented Twin Fin skeg configuration and twin Azimuth thrusters." He said the single winch design was another feature that had both operation and safety benefits. "Older tugs have two winches — one for fore and one for aft — but the Damen ASD 2312 has only one centrally-placed winch that's integrated into the tug's superstructure. "The central positioning means that the winch is capable of towing over the bow and over the stern. "As a result, the deck is more spacious, free of clutter and safer." The new tug is under construction in the Damen Changde shipyard in China and is expected to arrive early next year.
Scoop
2 days ago
- Scoop
Trump Tariffs Critique Sparks Councillor To Jump To US President's Defence
If Donald Trump ever found himself on the West Coast, he could count on at least one fan to roll out the regional council welcome mat. Goldmining councillor Allan Birchfield sprang to the defence of the US President at this month's corporate services meeting, after the council's treasury advisor critiqued Trump's tariff policies and their chaotic impact on financial markets. Bancorp corporate manager Miles O'Connor was presenting the firm's quarterly report on the West Coast Regional Council's (WCRC) $14 million investment fund, and the global trends likely to affect interest rates - all backed up with graphs, facts and figures. The US was moving away from acting in the world's interest towards an America-centric approach, he noted. Traditionally 60 percent of the world's capital had gone to the US because it was seen as a safe haven in uncertain times, O'Connor said. But the volatility in the equity and bond markets that followed Trump's 'Liberation Day' tariffs had not been seen since the stock market crash of 1987, and had caused a flight of capital out of the US and into European, Asian, and Japanese markets. Predicting profits and interest rates had become so difficult that some banks and major companies had given up forecasting completely, O'Connor said. The US president had also challenged the independence of the Federal Reserve by calling on its governor to cut interest rates. "Now that's just not done normally by political leaders. You don't see our Reserve Bank being told by the Prime Minister you must drop rates. "It's inherent in monetary policy that the central bank is independent of political influence." Trump had since reduced the 145 percent on Chinese goods to 30 percent, and the markets had settled down somewhat, but some tariffs would be permanent and New Zealand exports would be affected, O'Connor said. A recent Federal Reserve survey showed the tariffs were not working as hoped in the US domestic market: businesses were passing on price hikes to customers which was inflationary and hardly any overseas companies were relocating to the US. "My view is (Trump) probably won't go back to what he was doing; he probably didn't expect the reaction he got." Two Trump policies that did make sense were US defence spending and ending "unfettered" immigration, O'Connor said. "I'm not totally opposed to what he (Trump) does - some of the other policies I am slightly dubious about." Councillor Birchfield, whose goldmine office sports a large photo of Trump, seized his opening. "I'm pleased you're starting to give Donald a bit of credit - you go on with the usual rhetoric, anti-Donald Trump. "You say the US only does stuff in its own interest - you need to think about the US Navy - it guarantees freedom of trade - even for China [and] it's a huge cost on the US taxpayer." The US had recently "sorted out" the (Yemen rebel group) Houthis who had been disrupting world trade, Birchfield said. "Nobody else is gonna do that so you do need to start recognising the value of the US. And I see you saying it could impact New Zealand exports. "You don't really know. Lift your game," Birchfield instructed the Bancorp manager. O'Connor agreed the US did protect world trade. "But [the tariffs] are having an effect on our exports - we know that from some of our clients who've had orders cancelled." Birchfield continued, saying Trump had a huge problem of debt and a trade imbalance with China. "There's gonna be a bit of a shake down but at the end of the day he had to sort that out." O'Connor said the reason for the trade imbalance was that the US just could not match China's manufacturing capabilities. Council chairperson Peter Haddock put an end to the exchange, saying "We've had a shot across the bows by the US". "We have to recognise the volatility in the world... the best we can get out of it is lower interest rates." O'Connor said the official cash rate was likely to drop to three percent this year or possibly lower by November. The council had longer term cover in place for its investments and would not need to make any changes until next year, he said.
Techday NZ
2 days ago
- Techday NZ
Strengthening cyber resilience in superannuation
In early April, cybercriminals infiltrated multiple superannuation providers using stolen credentials to drain half a million dollars, while four Australians saw their retirement savings vanish overnight. Investigators are racing to piece together the scale of the breach, emphasizing the growing cybersecurity risks threatening Australia's AU$4.2 trillion retirement savings pool. With 12.6 million superannuation members exposed in recent attacks, the question is no longer if fraudsters will strike, but how the industry can stay ahead in this battle. Even though the Australian Prudential Regulation Authority (APRA) praised multifactor authentication (MFA) as "one of the most effective controls an organisation can implement" in 2023, the rapid evolution of cybercrime demands more sophisticated defences. Limits of MFA in a changing threat landscape MFA remains one of the critical security measures, requiring users to verify their identity with two or more credentials, which adds an extra layer of friction to deter attacks in the login process. However, cybercriminals are also adapting, using modern tactics such as phishing, social engineering and AI-powered techniques to bypass these defences. Recent superannuation breaches highlight another vulnerability in the digital landscape: inadequate password practices. Many individuals still reuse passwords across platforms, unintentionally simplifying the task for cybercriminals who exploit stolen credentials. Attackers often conduct these crimes unnoticed, causing considerable financial damage before they are detected. Trade-off between cybersecurity and user experience According to the True Cost of Fraud Study by LexisNexis Risk Solutions, Australian organisations saw a 66% year-on-year increase in fraud, with every dollar lost costing firms AUD$3.68. This trend highlights the urgency for a more adaptive and layered approach to fraud prevention. At the same time, customers today expect both security and convenience. Applying MFA to every interaction could be a more robust approach but excessive friction can lead to abandonment, indirectly discouraging users from monitoring their accounts due to higher friction, making them less likely to notice when they have become victims of an attack. A more nuanced, risk-based approach that applies the right level of security based on the context and risks of each interaction allows organisations to detect and disrupt complex fraud in real time without adding unnecessary friction. By aligning protection with risk, businesses can strengthen security without compromising customer experiences. A comprehensive defence strategy involves multiple layers, and each layer strengthens defence against fraudsters. This ensures that if one security measure fails, others remain in place to detect and mitigate fraudulent activity. Key measures should include identity verification, device intelligence, behavioural intelligence and real-time risk scoring: Risk assessments analyse contextual risk signals, such as device reputation, IP geolocation, network patterns and login behaviours. This allows institutions to assess the risk level of each interaction. AI models analyse these signals in real time to assign a risk score, deciding whether extra authentication is necessary. AI-powered identity verification ensures that the individual behind the digital interaction is genuine. Comparing identity details with public records and data from multiple providers further validates the authenticity of the identity. Fraud assessments assess risk associated with an individual's identity by analysing a combination of digital, physical and behavioural signals. With holistic behavioural intelligence, such as keystroke dynamics, device interactions and mouse movements, this approach builds a dynamic profile of each user over time, and deviations from this may signal potentially bot or fraudulent activities. Adaptive authentication: Apply stronger verification for high-risk scenarios dynamically, while maintaining a smooth experience for legitimate users. Recent cyberattacks targeting superannuation funds highlight the need for a more robust digital defence strategy. APRA's multi-factor authentication guidelines offer a solid foundation, but static approaches alone are not enough to manage dynamic threats. Industry players must take a unified, layered approach to safeguard Australia's financial system.
