• Strong threat detection, weak recovery readiness
• Resilience gap increasing across Australian organisations
• Faster recovery now critical as cyber risks accelerate

The Index – which draws on a survey of more than 500 security leaders across Australia – shows 77% of Australian security leaders believe they have sufficient visibility across risks, vulnerabilities and compliance, with 70% reporting they have the resources to deal with a cyber‑attack. Despite this confidence, however, only 32% of Australian organisations have a business continuity or cyber incident response plan in place – a figure that rises to 36% for large enterprises but drops to 29% for SMBs.

“Australian organisations have built powerful radar but many still lack a safe runway when an incident hits,” says Mark Hile, Managing Director, Infrastructure Products, Datacom.

“The focus must shift from ‘monitor and escalate’ to ‘engineer and stabilise’. Resilience is now the differentiator – rehearsed response, clear delegations and time‑to‑recovery metrics that business leaders understand.”

Recovery optimism vs reality

Leaders commonly anticipate full recovery within days, yet complex incidents routinely take weeks or months. Datacom’s analysis shows prolonged recovery is not due to a lack of alerts, but untested plans, fragmented tooling, supply‑chain visibility issues and unclear decision-making authority.

“What separates organisations that recover in days from those that take months isn’t detection capability – it’s practice,” says Collin Penman, Chief Information Security Officer, Datacom.

“A plan that’s never been tested isn’t a plan. Regular exercises build muscle memory, so response becomes automatic, coordinated and fast in the event of a cyber incident.”

Operational maturity rising

The 2026 Index shows organisations have invested heavily in detecting and mitigating cyber threats but far less in response and remediation mechanisms. Detection maturity has advanced faster than resilience and business continuity planning.

Several of the security practices most critical for day-to-day operations have achieved relatively strong maturity levels in Australia, with just over half of organisations rating themselves as “proactive and optimised” or “fully optimised and continuously improving” in Threat-Informed Defence (51%) and Cyber Intelligence Driven Prioritisation (51%).

These results suggest many Australian organisations have established solid operational foundations but are still progressing toward the level of resilience required to absorb disruption and recover at speed.

Encouragingly, 97% of Australian organisations report having partial or full automation in incident detection and response, signalling the market is structurally ready for the next wave of AI-enabled cybersecurity tools, including autonomous investigation agents, orchestration agents and decision support agents for analysts.

These intelligent systems can help turn detection into action by stabilising systems during disruption, coordinating response across teams, and accelerating recovery when incidents occur.

Data sovereignty and operational control

Data sovereignty has become an increasing concern for Australian organisations, particularly those operating in regulated sectors, such as Security of Critical Infrastructure Act-regulated entities. The Index found 65% of Australian organisations are concerned about sovereignty and the long‑term viability of in‑country AI compute capacity.

Despite these concerns, data shows limited movement away from offshore‑based platforms, and government efforts remain measured compared with regions such as the EU or South Korea.

“Sovereignty is no longer a theoretical conversation – it’s a practical risk assessment,” says Hile.

“Australian organisations want confidence that their data, their compute capacity and their critical workloads will remain available and under their control, regardless of what happens globally. The answer isn’t isolation, it’s smart partnership, combining local infrastructure, trusted regional capability and global technologies engineered for resilience.”

Threats and operating model shifts

Australian leaders again rank AI‑based attacks and phishing as their top concerns, with attackers increasingly weaponising automation and deepfakes to compress attack timelines from weeks to hours. Legacy applications also remain a major vulnerability.

The Index highlights a notable shift in security operating models.

MSSP alignment has decreased, with only 45% of Australian organisations reporting an active MSSP partnership, down from 55% last year. This signals a reassessment of the traditional MSSP model to support resilience. This will demand co‑sourced, modern, automated security operations centres (SOCs) working alongside internal teams.

Priorities for 2026 remain consistent, with threat detection and monitoring, followed by data protection and then identity and access protection, as the top three.

Responsibility for cybersecurity remains concentrated within IT and security teams, placing ongoing pressure on limited human resources. This pressure is reflected in burnout rates: 36% of Australian security leaders report burnout within their teams, driven by event overload, compliance complexity and finite staff capacity.

Download the 2026 Cybersecurity Index: datacom.com/cybersecurityindex
