SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Only 23% SEA companies ready to defend against cybersecurity threats
Wed, 29th Mar 2023
FYI, this story is more than a year old

Only 23% of organisations in Southeast Asia have the Mature level of readiness needed to be resilient against today's modern cybersecurity risks, according to Cisco's first-ever Cybersecurity Readiness Index. 

The index has been developed against the backdrop of a post-COVID, hybrid world, where users and data must be secured wherever work gets done. The report highlights where businesses are doing well and where cybersecurity readiness gaps will widen if global business and security leaders don't take action.

Organisations have moved from an operating model that was largely static where people operated from single devices from one location, connecting to a static network to a hybrid world in which they increasingly operate from multiple devices in multiple locations, connect to multiple networks, access applications in the cloud and on the go, and generate an enormous amount of data. This presents new and unique cybersecurity challenges for companies.

Cisco Cybersecurity Readiness Index: Resilience in a Hybrid World

The Cisco Cybersecurity Readiness Index: Resilience in a Hybrid World report measures the readiness of companies to maintain cybersecurity resilience against modern threats. These measures cover five core pillars that form the baseline of required defenses: identity, devices, network, application workloads, and data, and encompasses 19 different solutions within the pillars.

Conducted by an independent third-party, the double-blind survey asked 6,700 private sector cybersecurity leaders across 27 markets including 6 markets in Southeast Asia Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam to indicate which of these solutions they had deployed and the stage of deployment. Companies were then classified into four stages of increasing readiness: Beginner, Formative, Progressive and Mature.

Beginner (Overall score of less than 10): At initial stages of deployment of solutions 
Formative (Score of between 11 44): Have some level of deployment, but performing below average on cybersecurity readiness
Progressive (Score of between 45 75): Considerable level of deployment and performing above average on cybersecurity readiness
Mature (Score of 76 and higher): Have achieved advanced stages of deployment and are most ready to address security risks

Alongside the stark finding that only 23% of companies in Southeast Asia are at the Mature stage, almost half (44%) of companies fall into the Beginner (5%) or Formative (39%) stages meaning they are performing below average on cybersecurity readiness. Globally, 15% of companies are at a Mature stage.   

This readiness gap is telling, not least because 90% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of being unprepared can be substantial, as 64% of respondents said they had a cybersecurity incident in the last 12 months, and 45% of those affected said it cost them at least US $500,000.

"Security resilience is non-negotiable today as organisations operate in a hybrid, always-on world. Organisations must take notable steps to close the security readiness gap as the threat landscape evolves and expands. While companies in ASEAN are doing better than their global counterparts on their levels of security preparedness, more needs to be done," says Bee Kheng Tay, President, ASEAN, Cisco. 

"As the ASEAN region gears up to become the fourth largest economy by 2030, the index is a reality check for organisations to ensure that cybersecurity is foundational to any digitalisation effort to bolster growth and innovation.

Business leaders must establish a baseline of readiness across the five security pillars to build secure and resilient organisations. This need is especially critical given that 90% of the respondents plan to increase their security budgets by at least 10% over the next 12 months. By establishing a base, organisations can build on their strengths and prioritise the areas where they need more maturity and improve their resilience.

"Organisations today operate in an app-driven, interconnected world that has created even greater cybersecurity complexity," says Juan Huat Koo, Cybersecurity Lead, ASEAN, Cisco.

"With companies in ASEAN being least mature in the protection of identity and application workloads, business leaders need to make a conscious effort to protect critical data and their range of platforms and services, or risk enormous losses for the business and consumers. 

"Taking an integrated platform approach to security which entails a zero-trust strategy, full-stack observability, and end-to-end visibility can help organisations achieve security resilience while reducing complexity in a hybrid world." 

Readiness across the five key pillars
Identity: Only 25% of organisations are ranked 
Mature Devices: While this has the highest percentage of companies in the Mature stage at 39%, close to half (47%) are in the Beginner or Formative stages   
Network Security: Companies are lagging on this front with 45% of organisations in the Beginner or Formative stages   
Application Workloads: This is the pillar where companies are the least prepared, with 54% of organisations in the Beginner or Formative stages   
Data: Although more than half (57%) of companies are in the Mature or Progressive stage, progress is needed as 16% are in the Beginner category