INTELLIGENT BRANDS // Enterprise Security

KnowBe4 report demonstrates a clear connection between security awareness training and improved resilience .

The 2024 Phishing Benchmarking Report for Australia and New Zealand shows that without security training , across all industries , one in three ( 34.4 %) employees in ANZ are likely to click on a suspicious link or comply with a fraudulent request .

As a comparison , ANZ leads North America , South America and Africa but trails the UK , Europe and Asia at large – which is now the global leader at 28.4 %.

KnowBe4 analysed over 54 million simulated phishing tests across more than 11.9 million users from 55,675 organisations in 211 countries . The resulting baseline PPP measures the percentage of employees in organisations that had not conducted any KnowBe4 security training , who clicked a simulated phishing email link or opened an infected attachment during testing .

The findings in the report clearly demonstrate the effectiveness of combining simulated phishing security tests with security awareness training .

ANZ organisations that engaged in consistent training and testing experienced a substantial decrease in their average PPP to from 34.4 % to 19.1 % within the first 90 days and a further reduction to 5.5 % after a year of continuous training and testing .

The most notable improvement in ANZ was observed within large organisations , where the initial PPP at Phase 1 of 40.3 % was substantially reduced to 4.7 % in Phase 3 , an 88.28 % improvement . This significant favourable movement serves as a testament to the efficacy of robust and continuous security awareness training , along with rigorous testing protocol , in strengthening cyber defences .

The considerable overall improvement in PPP over three and 12 months is evidence that transforming cybersecurity culture requires breaking existing habits to make way for more secure ones .

Other highlights include :

y

y

y

y

y

y

Cyber risk is the primary concern for businesses in APAC , with malware , ransomware , and social engineering attacks being the most common attack strategies . Cybersecurity breaches are having a profound impact on businesses in Oceania . Preparedness levels among individuals and enterprises may be lower , exacerbating vulnerability to cyber threats . The shortage of trained cybersecurity professionals increases the risk of inadequate threat mitigation . Interest in security culture within the region has progressively gained momentum – underscoring significant progress in security culture across ANZ . Recent developments in government regulations see a notable shift toward the adoption of more secure practices . Organisations in the region are concerned with AI as an emerging threat vector .

“ With the Asia-Pacific region experiencing a significant surge in cyberattacks compared to its global counterparts , this report reinforces the crucial role the human element plays in cybersecurity . “ Although technology is important for preventing and recovering from cyberattacks , human error is still a big contributing factor to data breaches . Although it ’ s encouraging to see ANZ phishing results showed an improvement from last year , AI-driven threats will increase so it ’ s imperative that organisations continue to strengthen the human firewall with regular and focussed security awareness training ,” said Dr Martin Kraemer , Security Awareness Advocate , KnowBe4 . p

68 INTELLIGENTCIO APAC www . intelligentcio . com