A new cybersecurity report from Datacom exposes troubling discrepancies in how New Zealand and Australian organisations perceive and prepare for cyber threats.
The State of Cybersecurity Index, based on responses from more than 200 security leaders and 500 employees, reveals a concerning divide between leadership and staff on cybersecurity readiness. With AI-based attacks now topping the list of security concerns, the findings cast doubt on the ability of organisations to withstand emerging cyber risks.
A Leadership-Employee Disconnect
The Datacom report reveals a troubling difference in how security leaders and employees perceive cybersecurity awareness. Although 71% of security leaders are confident that their employees understand cyber risks, only 51% of employees agree. This disconnect suggests that many staff members may not fully recognise or know how to react to potential threats.
“Employees may not recognise or know how to respond to a cyber threat accordingly,” the report notes, highlighting the dangers of human error in cybersecurity breaches.
Furthermore, despite leaders believing their organisations are equipped to handle cyber threats, many fall short when it comes to formal business continuity or resilience plans.
Only 26% of security leaders in New Zealand and 38% in Australia report having such plans, exposing a critical vulnerability.
The Double-Edged Sword of Cybersecurity
The survey also confirms that AI-driven attacks are the leading concern among both security leaders and employees. AI-powered cyber threats are evolving rapidly, making it easier for cybercriminals to launch sophisticated attacks.
“AI-powered tools have enabled cybercriminals to create highly convincing phishing emails at scale,” said Datacom CISO Collin Penman. “AI-powered botnets can now also modify their own code to evade detection, propagate to other devices without human intervention, and optimise their attacks based on the security response.”
The rise of deepfake technology is further complicating the threat landscape, making social engineering scams more deceptive and difficult to detect. However, AI is not just a tool for attackers—it is also being leveraged for cyber defence.
Penman remains optimistic about AI’s potential to strengthen security. “But I believe the pendulum is swinging back towards the light, with the potential for AI-driven cybersecurity tools to level the playing field. AI can be used to detect anomalies in network traffic, identify potential threats before they materialise, and automate incident response processes, allowing security teams to stay one step ahead of attackers.”
A Shared Responsibility Not Just an IT Issue
The report reveals that cybersecurity is still largely viewed as an IT department’s responsibility rather than a shared organisational duty. Only 30% of employees believe that cybersecurity is everyone’s responsibility, while the majority think it falls on IT teams, managers, or senior leadership.
“We all clearly have work to do within our organisations to get everyone on the same page in understanding the evolving cyber threat landscape, and putting in place the policies, processes and governance to allow people to do their work productively and safely,” said Penman.
A significant part of this challenge is human error, which remains a leading cause of security breaches. The report stresses the need for organisations to implement best practices such as CERT NZ’s Ten Critical Controls and the Australian Government’s Essential Eight to mitigate these risks.
The Hidden Cost of Constant Threats
The relentless pressure of defending against cyber threats is taking a toll on security professionals. The report found that 61% of New Zealand and 58% of Australian security leaders experience cyber burnout within their teams. This stress can lead to mistakes, decreased effectiveness, and ultimately, higher risk for organisations.
Conclusion
Datacom’s State of Cybersecurity Index makes it clear that organisations cannot rely solely on their cybersecurity teams to defend against threats. Leadership must engage employees at all levels to build a culture of security awareness.
“While our senior IT and cybersecurity leaders are the experts, they need the backing of their leadership teams and all of their colleagues to ensure the right security practices are being followed,” said Justin Gray, Datacom New Zealand Managing Director. “More work needs to be done to ensure our teams are better informed about cybersecurity threats and the role they play in protecting their organisation.”