EDITOR ’ S QUESTION
WHAT IS THE CONSEQUENCE OF ORGANIZATIONS CONTINUING TO UNDERESTIMATE THE LEVEL OF DAMAGE CYBERTHREATS CAN DO AND WHAT CAN BE DONE TO AVOID THIS ?
A Sophos study of 900 business decision makers across Asia Pacific and Japan indicates COVID-19 accelerated a period of digitization and was a catalyst for improving cybersecurity , but systemic security issues persist .
Sophos , a global leader in next-generation cybersecurity , has announced the findings of the second edition of its survey report , The Future of Cybersecurity in Asia Pacific and Japan , in collaboration with Tech Research Asia ( TRA ). The study reveals that despite cyberattacks increasing , cybersecurity budgets have remained stagnant and executive teams continue to underestimate the level of damage threats can do to organizations .
Nearly 70 % of Asia Pacific organizations surveyed suffered a data breach in 2020 , an increase of 36 % from 2019 . Of these successful breaches , 55 % of companies rated the loss of data as either ‘ very serious ’ ( 24 %) or ‘ serious ’ ( 31 %). Nearly 17 % of organizations surveyed suffered 50 attacks , per week . While attacks are increasing in frequency and severity , cybersecurity budgets remained largely unchanged as a percentage of revenue between 2019 and 2021 . At the same time , 59 % of businesses stated that their cybersecurity budget is below where it needs to be , the same percentage it was in 2019 .
“ Ultimately , security is about right sizing the risk . If the risk increases , budgets should also increase , but in this climate of uncertainty , we ’ ve seen organizations take a conservative approach to security spending , which is impacting their ability to stay ahead of cybercriminals ,” said Trevor Clarke , Lead Analyst and Director at Tech Research Asia .
Across Asia Pacific and Japan ( APJ ), the number one frustration identified by companies is that executives assume cybersecurity is easy and that threats and issues are exaggerated . A lack of budget ranked second , followed by the struggle to fill cybersecurity roles .
Aaron Bugal , Global Solutions Engineer , Sophos , said : “ Our research highlights a disturbing attitude that needs to be tackled head on – executive teams claiming that cybersecurity incidents are exaggerated . It is confounding that this attitude prevails even when the end of 2020 showed us just how bad a global supply-chain attack could be . If that wasn ’ t enough , the more recent zero-day vulnerabilities in widely deployed email platforms demonstrates the desperate need for unification when it comes to cyber-resilience . Everybody needs to play a part . And to play a part , we all need to understand the risk .”
There has been nominal improvement on the cybersecurity skills gap issue in 2021 . Nearly 60 % of businesses agree that their company ’ s lack of cybersecurity skills is challenging for their organization , compared to 62 % in 2019 .
A lack of suitable staff and budget constraints continue to hinder organizations from obtaining the skills they require in-house . More than 60 % of companies struggle to recruit candidates with the necessary skills , which is only a 5 % improvement from 67 % in 2019 .
COVID-19 had a positive impact on cybersecurity , with 69 % of companies agreeing that the outbreak of COVID-19 was the strongest catalyst for upgrading cybersecurity strategy and tools in the past 12 months .
At the same time , just over half of organizations indicated they were unprepared for the security requirements driven by the sudden need for secure remote working at the onset of the pandemic .
32 INTELLIGENTCIO APAC www . intelligentcio . com