SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Businesses grappling with volatile and complex security landscape
Thu, 31st Aug 2023

Cloudflare has released a new study focused on cybersecurity in Asia Pacific. The report, called “Securing the Future: Asia Pacific Cybersecurity Readiness Survey,” shares the latest data on cybersecurity preparedness in the region, revealing how organisations are coping with rising volumes of cybersecurity incidents, their levels of preparedness, and the outcomes experienced.

These new findings report that the majority of organisations are not prepared to handle cybersecurity attacks, despite the fact that attacks are on the rise.

Organisations face rising volumes of cybersecurity incidents

The study, which was conducted across over 4,000 cybersecurity decision makers and leaders across Australia, China, Hong Kong SAR, India, Indonesia, Japan, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam, found that 78% of respondents experienced at least one cybersecurity incident in the past 12 months.

Of those who experienced a cybersecurity incident, 80% reported four or more incidents. And, 50% experienced 10 or more cybersecurity incidents, with 72% forecasting an increase in the next 12 months.

Majority of organisations not prepared to respond to attacks, millions in losses and fines

Despite the increasing frequency of cybersecurity incidents, only 38% consider themselves highly prepared, with those in Healthcare (16%), Education (13%), Government (10%), and Tourism (10%) reporting they are most likely unprepared to withstand an incident.

What’s more, about 63% of survey respondents reported that the financial impact of cybersecurity incidents on their organisations was at least US$1M over the past 12 months, with 14% suffering a loss of more than US$3M.

Asia Pacific organisations were also concerned with regulatory action. 33% of respondents said their organisation reported breaches to the relevant authorities, with 26% paying a fine, and the same number facing legal action.

The study also shows talent constraints are still prevalent in the region, with a lack of talent cited by 60% of respondents when discussing challenges to cybersecurity preparedness.

Businesses contend with different forms of online attacks, while trying to secure a hybrid workforce

Survey respondents reported web attacks, phishing, Distributed Denial-of-Service (DDoS), insider threats, and stolen credentials as the cyber attacks they experienced in the past 12 months.

Respondents also ranked planting spyware as the primary goal of cyber criminals, followed by financial gain, data exfiltration, and ransomware.

Notably, the three most pressing challenges cybersecurity decision makers and leaders face are: securing a hybrid workforce (51%); defending against cyber attacks (48%); and deploying Zero Trust (42%).

More products do not mean more protection

Most of the respondents surveyed currently have between six and 15 products in their cybersecurity architecture, while larger organisations have almost twice as many, with 20 or more.

Juggling multiple solutions has somewhat negatively impacted effectiveness - hinting that organisations should be looking to simplify. In the study, only 39% of organisations with less than 15 solutions experienced 10 or more cybersecurity incidents.

However, 73% of those with more than 15 solutions experienced the same. On the other hand, 80% of organisations with less than 15 solutions were able to resolve incidents in less than 12 hours, while only 65% of those with more than 15 solutions have done the same.

Most organisations expect to increase budget in the next 12 months

In the past 12 months, 53% of survey respondents spent between 11% and 20% of their organisation’s entire IT budget on cybersecurity, while another 28% of respondents spent more than 20% of their total IT budget.

Healthcare, Transportation, and Finance were the industries that spent the most on cybersecurity, while Education, Gaming, Government, and Manufacturing spent the least.

When it comes to future plans, 67% of all respondents expect their cybersecurity budgets to increase in the next 12 months, while 22% expect to maintain their current spend.

Jonathon Dixon, Vice-President and Managing Director, Asia Pacific, Japan and China at Cloudflare, commented on the findings, “While preparedness is key, organisations continue to grapple with a cybersecurity landscape that’s more volatile and complex than ever."

"Simply increasing spend or adding more products isn't the answer for the best outcome either. It’s important to build a strong security culture that empowers business leaders to approach cybersecurity as a strategic imperative to every organisation, including technological and cost consolidation, in order to get the double benefit of spending less while having a more robust and simpler-to-manage cybersecurity infrastructure."