More Australian enterprises are adopting centralised, cloud-based cybersecurity strategies as AI-driven threats surge, says a new report from Information Services Group.
The 2025 ISG Provider Lens® Cybersecurity — Services and Solutions report for Australia finds that Australian organisations face increasingly sophisticated, AI-powered attacks but are hobbled in defending against them by overlapping cybersecurity solutions that fail to share information with each other. Many companies are simplifying their defenses while adopting AI tools for more effective, efficient security.
“While AI is starting to significantly change the way Australian companies operate, in the wrong hands, it can also cause serious harm,” said Michael Gale, partner and regional leader, ISG Asia Pacific. “Fortunately, service and solution providers are using AI to help enterprises detect and prevent attacks.”
Use of AI can expose organisations to malicious interference in the training of AI models, which can make models less reliable or cause them to produce biased or inaccurate predictions, ISG says.
Organisations in Australia are also increasingly concerned about a growing category of threats enabled by generative AI, especially through voice cloning and the creation of deepfake images, videos and audio clips. These can be used to steal money, extract sensitive information and damage reputations. Narrative attacks use these methods to create false or misleading narratives, including spreading misinformation about vaccines or elections.
In response, Australian companies are strengthening identity protection and integrating AI into security operations, the report says. GenAI and agentic AI are increasing the efficiency and productivity of security teams and helping enterprises address the shortage of cybersecurity skills.
Cloud security has emerged as a top priority for cybersecurity leaders in Australia after companies rapidly migrated to the cloud to enable remote work during the COVID-19 pandemic, ISG says. Security was often a secondary consideration in these transitions, so organisations kept traditional perimeter-based cybersecurity architectures in place. Now, many are taking a more distributed approach, focusing on endpoints and preventing cloud misconfigurations and vulnerabilities.
Read more: New report reveals how media visibility shapes CEO reputation in Australia
Enterprises in Australia have often ended up with multiple tools for endpoint detection and response (EDR) and identity and access management (IAM), along with many dashboards that lack integration, the report says. Increasingly, cybersecurity leaders in these companies are narrowing down their defensive systems to one or a few cloud-based platforms.
“Australian companies are trying to do more with less in cybersecurity,” said Andrew Milroy, lead author of the report. “Reducing complexity, minimising overlaps and engaging with a core set of qualified partners helps to mitigate risk.”
The report also examines other cybersecurity trends in Australia, including rising expectations for data retention and the recent extension of national cybersecurity requirements to more industries.
The 2025 ISG Provider Lens® Cybersecurity — Services and Solutions report for Australia evaluates the capabilities of 97 providers across six quadrants: Identity and Access Management (Global), Extended Detection and Response (Global), Security Service Edge (Global), Technical Security Services, Strategic Security Services and Next-Gen SOC/MDR Services.
The report names IBM as a Leader in five quadrants. It names Accenture, CyberCX, Deloitte, DXC Technology, Fujitsu, HCLTech, NTT DATA, PwC, Thales and Wipro as Leaders in three quadrants each.
Broadcom, EY, Fortinet, Infosys, Kyndryl, Microsoft and Palo Alto Networks are named as Leaders in two quadrants each. Cato Networks, Check Point Software, Cisco, CrowdStrike, CyberArk, Forcepoint, KPMG, ManageEngine, Netskope, Okta, One Identity (OneLogin), Ping Identity, SailPoint, Saviynt, SentinelOne, TCS, Tech Mahindra, Telstra, Trellix, Trend Micro, Versa Networks and Zscaler are named as Leaders in one quadrant each.
In addition, TCS is named as a Rising Star — a company with a “promising portfolio” and “high future potential” by ISG’s definition — in two quadrants. AC3, BeyondTrust, HPE (Aruba) and Sophos are named as Rising Stars in one quadrant each.
Adrianne Saplagio is a Content Producer at Comms Room, where she combines her passion for storytelling with her expertise in multimedia content creation. With a keen eye for detail and a knack for engaging audiences, Adrianne has been instrumental in crafting compelling narratives that resonate across various digital platforms.
