Australia’s mid-market companies are currently at a higher risk of cyber-attacks and other disruptive events than ever before, and also risk falling foul of strict new data privacy laws and regulations.

These are some of the more worrying findings from a new study, ‘The Transforming Role of IT in Australian Mid-Market Organisations’, just published by Brennan IT, which showed a distinct pattern of unawareness and unpreparedness around skills, training, prevention, contingency planning and delegation of responsibility.

When asked whether they had a nominated person with responsibility for security policies and controls, only 51% of respondents answered yes. That means almost half have no-one in charge of policing security at all.

This situation is almost unfathomable in today’s high-risk, cyber-crime and privacy conscious environment.

Unsurprisingly, security training amongst the mid-sized Australian companies surveyed was found seriously lacking. More than a third of respondents (37%) admitted that they don’t conduct any security training at all, with 41% revealing it’s something they do less than once a year. Less than a quarter (22%) of organisations conducted any sort of security training more than once a year.

It was also surprising to discover only 54% of respondents have implemented multi-factor authentication.

Poor planning

Despite the sharp rise in cyber-attacks targeting organisations – as well as the increase in natural disasters – 16% of respondents said they had ‘no’ disaster recovery or business contingency plan for their organisation, with 35% answering ‘somewhat’. Just under half (49%) answered that they did have a plan.

Back in the 1990s this might have seemed reasonable, if not ideal, but today these are alarming statistics, given that cyber criminals are increasingly targeting small and medium-sized organisations, due largely to their obvious vulnerability compared with enterprises, which have become much harder to breach in recent years.

Furthermore, new laws and regulations around data privacy have added a troubling new dimension which is challenging all Australian organisations. Despite the huge publicity and growing levels of conversation in corporate circles, our mid-sized companies appear largely to have missed the starting gun.

Asked ‘Has your organisation made changes to align practices to the Notifiable Data Breaches Legislation?’, only 32% reported they were fully compliant, with the remainder reporting ‘no, we’ve got some holes’ or ‘yes, but we’ve got some distance to go still’. This is despite the fact the legislation came into effect in February 2018.

Moreover, important common and relatively long-standing security accreditations were also found lacking among respondents.

Only 10% said they were ISM (Information Security Manual) compliant, with 12% being ISO 27001 compliant, and 10% ISO 31000 compliant.

Managing the day-to-day

It’s clear most of the mid-sized organisations surveyed for the study are aware of the cyber security and data privacy challenges facing them – it was identified as their primary area for improvement over the course of the year. Therefore, it would seem the lack of attention to key gaps and safeguards comes down to challenges like time and resources, rather than any sort of failure in duty.

For many IT managers, keeping the lights on day-to-day is a constant challenge, which makes proper training and planning of any sort difficult to achieve.

However, something few may be aware of is that highly-effective perimeter security and identity access credential security solutions can address many of these immediate security issues without the need for significant CAPEX.

Surviving and prospering in today’s challenging digital landscape requires an integrated approach with an experienced and qualified technology partner that can conduct a security assessment to establish where your organisation currently sits, who understands the cyber security and data privacy needs of medium-sized organisations in Australia, and who can advise and help you to build in and update your protections as you go.


Brennan IT has been at the vanguard of cyber security and data protection technology in Australia for the past 20 years, with a realistic approach to what’s possible. Connect with us today and start making a plan to have increased peace of mind and more time to work on driving your business.