Computer Emergency Response Team (CERT) Australia is urging companies that haven't migrated off the Windows XP operating system (OS) to start doing so because they are at increased risk of network vulnerability.
The 2013 Cyber Crime and Security Survey received responses from 135 businesses that partner with CERT Australia.
The survey found that 13 per cent of respondents had no plans to migrate off XP, despite support and patching ending on 8 April 2014.
In addition, 8 per cent of businesses surveyed did not know if they had IT security plans in place.
"Anecdotal reports indicate that cyber criminals have been stockpiling new XP attacks, waiting for support to end," read the survey.
Of the organisations using XP, 79 per cent had migrated to new software.
XP was launched in October 2001. According to Microsoft, it has been supported for more than 12 years -- longer than any other Windows OS.
Microsoft Australia's commercial product marketing manager, Emmanuele Silanesu, told Computerworld Australia in January 2014 that a full migration off XP can take up to six months, depending on the organisation's size.
"Businesses will need to take into account the size of their employee base, the number of existing apps currently in use as well as the data that will need to be migrated. All these aspects can be roadblocks to the migration path and add time to the process," he said at the time.
Turning to other areas of concern, the report found that 61 per cent of businesses surveyed did not have cyber security incidents identified in their risk register.
"This may be linked with the identified need for management and CEOs to improve their IT security skills, practices and perhaps awareness," read the report.
Commenting on this, Attorney-General George Brandis said that cyber security should be considered a "CEO or board issue" and not just an information security issue.
"Importantly, the survey indicates the cyber security conversation is shifting from being only about technology to also recognising social, behavioural and cultural factors," he said in a statement.
For example, 60 per cent of respondents said that IT staff, the CEO and board of directors needed to improve their cyber security skills or practices.
This was because 57 per cent of respondents said the main internal factors that contributed to cyber security incidents were staff errors.
According to the report, 51 per cent of businesses surveyed said external targeted attacks had contributed to incidents, while the remaining 49 per cent indicated that third party risks were making their business potentially vulnerable.
"Constant review and improvement is important as there has been an overall increase in the number of cyber security incidents experienced by businesses, most of which have been targeted rather than random or indiscriminate attacks," said Brandis.