Cyber attacks outpacing budgets as businesses stay stuck in recovery mode
Cyber attacks are shutting down business operations for days at a time, delaying critical projects and damaging customer trust.
Many organisations now take more than a week to recover from incidents, leaving themselves exposed to fast-moving threats and stalling digital transformation, according to a new IDC white paper.
Despite pouring resources into AI, cloud, and analytics, most organisations are still bolting cyber security on too late, creating systemic risks that delay projects, damage trust, and weaken competitiveness.
BDO cyber security leader Leon Fouche said the problem is one of mindset as much as money.
“Budgets are no longer the primary barrier. The real issue is that security is too often treated as an afterthought,” he said.
“If you wait until execution or, worse, until after an incident, you’ve already lost valuable ground. Cyber security has to move upstream and be embedded from the very start of transformation.”
The report revealed the average organisation now takes more than four days to respond to a cyber incident and more than seven to fully recover.
Even companies with readily available or flexible budgets reported multiple incidents every year.
“Throwing money at the problem doesn’t guarantee protection,” Leon said.
“What matters is how effectively those budgets are applied. What is needed is continuous monitoring, automation, and disciplined processes that shorten response times and limit damage.”
The rise of generative AI has added urgency, with nearly half of organisations reporting greater susceptibility to phishing, data leakage, and governance gaps.
“GenAI is an extraordinary tool for innovation, but it’s also a gift to adversaries,” Leon said.
“Without strong oversight, training, and access controls, businesses risk exposing sensitive data and amplifying social engineering attacks. The need to act has never been more urgent.”
Leon said the lesson is clear: operational resilience depends on closing the execution gap between strategy and practice.
“Organisations that build cyber maturity into their culture and governance, supported by real-time detection and proactive risk management, will be the ones who thrive.
“Cyber security is no longer a compliance box to tick; it’s a decisive driver of competitiveness and trust.”
For media enquiries:
Tate Papworth
Manager, Media
E: Tate.Papworth@bdo.com.au
Ph: 0433411189