Australia has the highest rate of tech managers reporting their organisation is unprepared to cope with a targeted cyberattack, a survey has found.

A majority 77% of chief information security officers (CISOs) polled in Australia agreed they were unprepared to cope, according to cybersecurity firm Proofpoint’s “2022 Voice of the CISO” report. That was ahead of 65% in the UK and 64% in Germany, and top of all 14 countries surveyed.

“In Australia, more than three-quarters say their organisation is unprepared,” California-based Proofpoint said. Many were "seemingly aware of the issue but are unable or unwilling to implement an effective solution as they struggle to identify which of the many common threats is likely to strike”.

Two thirds of CISOs in Australia also reported an increase in targeted attacks since switching to widespread remote working – second only to Canada and compared with just 29% in the US.

In another survey, Texas-based Thales Cloud Security found four in 10 businesses had experienced a breach in the last year and a fifth of Australian organisations had paid, or would pay, a ransom to retrieve data.

Thales’ Melbourne-based ANZ director Brian Grant says "outdated approaches,” staff training and paying ransoms are not mitigating risk at data-dependent organisations.

“Staff turnover and inconsistent skills, combined with advanced social engineering by attackers, makes cyber awareness ineffective, while paying a ransom only fosters more criminal behaviour,” he said. "A worrying lack of effective data security continues to leave gaping holes for criminals to exploit.”

Encouragingly, 56% of IT leaders had implemented multi factor authentication and half had been able to avoid a breach because stolen or leaked data was anonymised using encryption or tokenisation.