SMEs warned not to dismiss cyber security

Australian businesses are at risk of overlooking the importance of cyber security as they look to chase new business activity.

14 April 2022 

A new CyberArk global report revealed that 87% of Australian senior security professionals surveyed state that cyber security has taken a back seat in the last year in favour of accelerating digital business initiatives.

The CyberArk 2022 Identity Security Threat Landscape Report identifies how the rise of human and machine identities – often running into the hundreds of thousands per organisation – has driven a build-up of identity-related cyber security “debt”, exposing organisations to greater cyber security risk.

According to Udi Mokady, founder, chairman and CEO, CyberArk, the past few years have seen spending on digital transformation projects skyrocket to meet the demands of changed customer and workforce requirements.

“The combination of an expanding attack surface, rising numbers of identities, and behind-the-curve investment in cyber security – what we call cyber security debt – is exposing organisations to even greater risk, which is already elevated by ransomware threats and vulnerabilities across the software supply chain.

“This threat environment requires a security-first approach to protecting identities, one capable of outpacing attacker innovation,” Mokady said.

Every major IT or digital initiative results in increasing interactions between people, applications and processes, creating large numbers of digital identities. If these digital identities go unmanaged and unsecured, they can represent significant cyber security risk. 

Security professionals agree that recent organisation-wide digital initiatives have come at a price. This price is cyber security debt, security programs and tools have grown but not kept pace with what organisations have put in place to drive operations and support growth.

This debt has arisen through not properly managing and securing access to sensitive data and assets, and a lack of identity security controls is driving up risk and creating consequences.

The debt is compounded by the recent rise in geopolitical tensions, which have already had direct impact on critical infrastructure, highlighting the need for heightened awareness of the physical consequences of cyber attacks:

Around 87% of Australian organisations report prioritising the maintenance of business operations over ensuring robust cyber security in the last 12 months (compared to 79% globally).

And about 56% have identity security controls in place for their business-critical applications (compared to 48% globally).


Explore our cyber training and resources to defend against online threats to your business. Plans start from only $10/month.

While cyber risk awareness has generally risen among executives and board members, it has not necessarily triggered the required programmatic focus and funding to mature core cyber security controls among Australian businesses across all sizes and industries, according to Thomas Fikentscher, Regional Director of Australia and New Zealand, CyberArk.

“The volume of machine and human identities has steadily grown and will play into the hands of malicious actors unless the current cyber security debt is rapidly addressed with the implementation of strong and adaptive access controls and by enforcing zero trust principles surrounding critical data and assets.

“Compromising fundamental cyber security controls in favour of rapid introduction of new digital initiatives is a risky endeavour and should be brought into balance in 2022 and beyond,” Mr Fikentscher said.

What can be done?

  • Push for transparency: 87% of Australian respondents say that a software bill of materials would reduce the risk of compromise stemming from the software supply chain.
  • Introduce strategies to manage sensitive access: in Australia, the top three measures that most CIOs and CISOs questioned in the survey have introduced (or plan to introduce): least privilege security/zero trust principles on infrastructure that runs business-critical applications, process to monitor SaaS user accounts and access.
  • Eliminating embedded credentials in order to secure passwords, secrets and other credentials used by applications, machines, and scripts.
  • Prioritise identity security controls to enforce zero trust principles: The top three strategic initiatives to reinforce zero trust principles are: workload security, identity security tools and data security.


Train your staff to be the frontline of your defence against cyber attacks with plans starting from $10/month

Found this useful?

Subscribe to our newsletter and receive the best business tips and articles straight to your inbox.

Thank you for signing up to our newsletter. You're one step closer to receiving more insightful information to help better your business.

We take your privacy seriously and by subscribing to our newsletter you agree to the terms of our Privacy Policy available below.