New research has found that Australian organisations lead globally in detecting cyberattacks involving lateral movement but face significant challenges with alert fatigue, false positives, and operational downtime.

The 2025 Global Cloud Detection and Response Report by Illumio surveyed 1,150 cybersecurity leaders worldwide, including 150 respondents from Australia.

The study reveals that 97% of Australian organisations detected at least one incident of lateral movement by attackers in the past year, surpassing the global detection average of 90%.

Alert volume and investigation capacity

Australian cybersecurity teams are reporting a higher daily volume of security alerts than their international counterparts. On average, teams in Australia receive 2,061 alerts per day, which equates to roughly one alert every 42 seconds. As a result, 83% of Australian security professionals say they receive more alerts than they can adequately investigate, significantly above the global average of 67%.

The investigation process itself is hampered by the high rate of false positives.

Australian teams spend an average of 15.9 hours per week investigating alerts that ultimately prove not to be genuine threats. This is not only above the global average of 14.1 hours, but also affects the quality of threat response.

Among survey respondents, 85% of Australian leaders reported that time spent on false positives detracts from their ability to focus on real security threats, compared with 73% globally.

Operational downtime and alert consequences

The impact of these operational challenges extends beyond wasted effort.

On average, each lateral movement incident results in 8.0 hours of downtime for Australian organisations, compared to a global average of 7.1 hours. Missed or uninvestigated alerts have concrete ramifications: 98% of organisations in Australia reported negative impacts as a result, with 26% citing reputational damage, a considerably higher proportion than the 17% recorded globally.

Visibility and tooling challenges

Cloud detection and response tools have seen wide adoption across Australia, but the majority of respondents indicated shortcomings.

A total of 97% of Australian organisations reported limitations in their current security tooling, with insufficient context (45%) and high levels of alert fatigue (39%) identified as the most significant issues.

Furthermore, the report highlights an ongoing concern with network visibility. In Australia, 40% of network traffic lacks sufficient context for confident investigation, which is above the global average of 38%. This lack of full visibility can hinder a security team’s ability to distinguish between benign and potentially malicious activity.

AI and automation in future plans

As organisations in Australia look toward 2026, increasing the adoption of artificial intelligence and automation in security operations is an emerging priority.

26% of Australian cybersecurity leaders now cite the deployment of AI and machine learning-driven capabilities as a top security objective, though this is somewhat below the global figure of 34%. Internationally, nearly 80% of respondents said they believe AI and machine learning will be essential for faster detection of lateral movement and for alleviating alert fatigue.

“In Australia, alarmingly high rates of incidents involving lateral movement, combined with some of the highest levels of alert fatigue globally, are a serious warning signal,” said Andrew Kay, Director of Systems Engineering APJ, Illumio.

“To keep pace, organisations will need to invest in AI-driven observability and automation to cut through the noise, contain breaches faster, and reduce operational strain.”

Research methodology

The research underpinning the report was conducted by Vitreous World on behalf of Illumio, surveying IT and cybersecurity decision-makers and key influencers across seven countries: the United States, United Kingdom, Germany, France, Australia, Brazil, and Japan. The fieldwork was undertaken between 1 and 13 August 2025.