
Overconfidence in Cybersecurity Is Leaving Businesses Exposed
WELLINGTON, New Zealand, March 24, 2025 – In a digital world where threats change as fast as the tools designed to stop them, new research paints a sobering picture of business overconfidence in cybersecurity. The results of the Datacom Cybersecurity State Index, produced in collaboration with Tech Research Asia (TRA), reveal a disconcerting disconnect between leadership confidence and front-line readiness, especially as AI-driven cyber threats become more advanced and more difficult to detect.
What is the greatest concern for corporate cybersecurity in 2025?
AI-powered attacks have officially taken center stage. According to Datacom’s Index, AI threats now top the list of cybersecurity concerns among both security leaders and employees. From hyper-realistic phishing to social engineering tactics to deepfakes, cybercriminals are no longer limited by time or skill; they are backed by machines that learn, adapt and scale.
Collin Penman, Head of Information Security at Datacom, warned about this double-edged sword:
“The AI-controlled botnets can modify your code to avoid detection, spread without human input and optimize attacks based on the system’s response. But the same technology, if well used, can also give defenders a benefit.”
AI’s potential for cybersecurity is undeniable (detecting network anomalies, automating incident response, and improving threat intelligence), but it cuts both ways. Companies are racing to adopt AI while struggling to secure it. This tension is at the heart of this year’s findings.
Do employees and managers agree on cybersecurity preparedness?
Not even close. Datacom’s survey of over 700 professionals in New Zealand and Australia shows a gap in perception. Approximately 71% of security leaders believe their teams are well informed about cyber risks. However, only 51% of employees agree. That is not a slight divergence, it is a glaring red flag.
What this means is that although leadership may feel confident in the organization’s preparedness, employees, the people most likely to encounter fake emails or suspicious links, do not think they have been equipped to handle real threats. This knowledge gap is dangerous ground, especially when it comes to social engineering.
Penman underscored the point:
“The stains often go to human error. If employees do not understand their role in cyber hygiene, we will always step back.”
Is cybersecurity still considered an “IT problem”?
Unfortunately, yes. One of the index’s most critical insights is that most employees still view cybersecurity as the responsibility of the IT department. Only 30% recognized it as everyone’s job. This outdated mindset could spell disaster. In reality, modern cybersecurity requires the participation of every part of the company, from front-line staff to executives.
It’s not just theory, it’s survival. The more distributed and hybrid our workplaces become, the more decentralized our risk areas will be. Thinking that cybersecurity is “someone else’s job” creates blind spots, and blind spots are exactly where attackers thrive.
Are organizations really ready for a cyber incident?
Leadership’s confidence might say yes, but the numbers say otherwise. According to the index, only 26 per cent of New Zealand companies and 38 per cent of Australian companies have a formal business continuity or resilience plan. This means that if a breach occurs, which in the current climate is more a matter of when than if, most organizations will be flying blind on recovery.
Penman didn’t mince words:
“Some companies are doing well. But those are the exceptions, not the rule. This is one of the greatest risks we face.”
This error echoes historical examples, such as the Titanic or France’s Maginot Line, where unfounded confidence led to catastrophic failure. In cybersecurity, the same arrogance can harm operations, damage brands and cost millions.
Are backups enough to protect against ransomware?
They used to be. Not anymore. Today’s attackers target backups directly, knowing that many organizations rely on them as their only safety net. Illumio’s research revealed that 98% of ransomware attacks now include attempts to compromise backup systems. However, more than half of companies still believe that backups alone will save them.
This excessive dependence is dangerously naive. Backups must now be segmented, isolated and regularly tested to be truly effective. Without this, companies can end up restoring corrupt data or, worse, restoring nothing at all.
Why is Zero Trust security gaining traction?
The term “Zero Trust” may sound cynical, but it is quickly becoming the gold standard. The idea is simple: trust no one, verify everything. Whether it is an internal employee or an external vendor, Zero Trust requires strict access control, continuous authentication and real-time monitoring.
This model directly addresses one of the most overlooked weaknesses of modern networks: lateral movement. According to Illumio, 52% of ransomware attacks in 2024 involved lateral movement, compared to 33% in 2021. Once attackers get in, they often move silently, jumping between systems until they reach valuable data. This is why containment is as important as prevention.
Zero Trust helps stop this spread before it starts. Through microsegmentation (dividing a network into secure zones), organizations can restrict access and isolate threats more quickly. It is not a cure-all, but it is an essential layer in today’s multilayer defence strategy.
Do hybrid and cloud environments make things more difficult?
In a word, yes. Hybrid work and cloud migration have greatly expanded the attack surface. Many organizations are now struggling with visibility across their environments. According to the index, 35% of respondents indicated that they were unable to track activity across hybrid and cloud systems, which is a dangerous blind spot against agile and persistent threats.
Without clear visibility, detection and response suffer. Microsegmentation plays a key role here, giving teams better visibility and control. But it is not just a technology problem, it is a governance problem. Securing hybrid environments requires collaboration between security, operations and business units.
Are security teams reaching a breaking point?
Burnout is real, and it is spreading quickly. The index shows that 61 per cent of New Zealand and 58 per cent of Australian security leaders report signs of burnout on their teams. These are the professionals charged with defending against incessant attacks, often outsourced and overloaded.
When stress is high, mistakes follow. Constant pressure and unrealistic expectations create a toxic environment that leads to oversights, fatigue and even resignations. A burned-out security team is no longer an organization’s first line of defense; it becomes its first vulnerability.
Justin Gray, Managing Director of Datacom New Zealand, summarized the urgency:
“Security is not just a technical challenge, it is a popular challenge. All must be informed, committed and accountable. It’s no longer optional.”
What can companies do now?
- Adopt a Zero Trust mindset: Assume breach. Verify every access request, internal or external.
- Educate your employees: Make cybersecurity part of the culture, not just a yearly training.
- Invest in AI wisely: Use it to augment defenses, but don’t neglect governance.
- Reinforce backups: Isolate and regularly test backup systems. Don’t assume they’re immune.
- Build resilience plans: Prepare for recovery, not just prevention.
- Support security teams: Address burnout before it impacts performance.
These are not only technical strategies, they are cultural. In 2025, cybersecurity is no longer a department. It is a mindset, a responsibility and a business imperative.
The key takeaway from Datacom’s report: the gap between perception and reality is where the danger lies. Bridging this gap through education, governance and strategic investment will be the determining factor between those who survive a breach and those who suffer from it.