Australia tops cyberattack detection – but alert fatigue persists

Security teams face high volumes and operational downtime

By Roxanne Libatique

Australian organisations are reporting some of the highest rates of cyber threat detection globally, according to recent findings from Illumio’s 2025 Global Cloud Detection and Response Report.

The study, which surveyed over 1,100 cybersecurity leaders worldwide – including 150 from Australia – found that nearly all Australian respondents (97%) had identified at least one incident involving lateral movement by cyber attackers in the past year.

This detection rate is notably higher than the global average of 90%, highlighting the advanced monitoring capabilities present within Australian firms.

Security teams overwhelmed by alert volumes

Despite strong detection capabilities, Australian cybersecurity teams are experiencing significant operational pressures due to the volume of security alerts.

On average, teams in Australia are processing over 2,000 alerts daily, equating to an alert roughly every 42 seconds.

This high frequency has led 83% of Australian professionals to report that they are inundated with more alerts than they can thoroughly investigate, a figure that surpasses the global average of 67%.

False positives further complicate the situation. Australian teams spend an average of 15.9 hours each week investigating alerts that ultimately do not represent real threats, exceeding the global average of 14.1 hours.

The time spent on these false alarms has a direct impact on the ability to address genuine risks, with 85% of local respondents stating that this workload detracts from their focus on actual security incidents.

Downtime and business impact

Operational downtime is another area where Australian organisations are feeling the effects of cyber threats.

Each incident involving lateral movement results in an average of eight hours of downtime, compared to 7.1 hours globally.

The consequences of missed or unaddressed alerts are tangible, with 98% of Australian organisations acknowledging negative impacts.

Notably, 26% reported reputational harm, a higher proportion than the 17% seen internationally.

Technology and visibility gaps

While cloud-based detection and response tools are widely used across the sector, most Australian respondents identified gaps in their current security solutions.

Nearly all (97%) cited limitations, with insufficient contextual information and alert fatigue being the most frequently mentioned issues.

Additionally, 40% of network traffic in Australia is said to lack the context needed for confident investigation, slightly above the global average. This lack of visibility can hinder the ability of security teams to distinguish between harmless and potentially malicious activity.

Burnout a persistent challenge

Separate research from Sophos and Tech Research Asia, as published in “The Future of Cybersecurity in Asia Pacific and Japan,” indicates that 78% of Australian organisations are dealing with ongoing cybersecurity burnout.

The main drivers include a rise in cyber threats, resource constraints, and increasingly complex regulatory requirements.

Aaron Bugal, field chief information security officer for Asia-Pacific and Japan at Sophos, said: “Cybersecurity stress and burnout are more than just operational concerns – they’re cultural, strategic, and deeply human challenges.”

AI and automation on the agenda

Looking ahead, Australian organisations are increasingly considering artificial intelligence and automation as part of their security strategies.

About a quarter (26%) of local cybersecurity leaders identified AI and machine learning as key priorities for the coming year, although this is below the global average.

Internationally, nearly four in five respondents believe these technologies will be essential for improving detection speeds and reducing alert fatigue.

Andrew Kay, director of systems engineering APJ at Illumio, commented that the frequency of lateral movement incidents and the significant alert fatigue reported in Australia represent a clear indication of the challenges facing local organisations.

“To keep pace, organisations will need to invest in AI-driven observability and automation to cut through the noise, contain breaches faster, and reduce operational strain,” he said, as reported by Security Brief Australia.
