Intelligent CISO Issue 37 | Page 27

WHAT IS THE CONSEQUENCE OF ORGANISATIONS CONTINUING TO
UNDERESTIMATE THE LEVEL OF DAMAGE CYBERTHREATS CAN DO AND WHAT CAN BE DONE TO AVOID THIS ?
editor ’ s question

WHAT IS THE CONSEQUENCE OF ORGANISATIONS CONTINUING TO

UNDERESTIMATE THE LEVEL OF DAMAGE CYBERTHREATS CAN DO AND WHAT CAN BE DONE TO AVOID THIS ?

? ophos , a global

S leader in nextgeneration cybersecurity , has announced the findings of the second edition of its survey report , The Future of Cybersecurity in Asia Pacific and Japan , in collaboration with Tech Research Asia ( TRA ). The study reveals that despite cyberattacks increasing , cybersecurity budgets have remained stagnant and executive teams continue to underestimate the level of damage threats can do to organisations .

Nearly 70 % of Asia Pacific organisations surveyed suffered a data breach in 2020 , an increase of 36 % from 2019 . Of these successful breaches , 55 % of companies rated the loss of data as either ‘ very serious ’ ( 24 %) or ‘ serious ’ ( 31 %). Nearly 17 % of organisations surveyed suffered 50 attacks per week .
While attacks are increasing in frequency and severity , cybersecurity budgets remained largely unchanged as a percentage of revenue between 2019 and 2021 . At the same time , 59 % of businesses stated that their cybersecurity budget is below where it needs to be , the same percentage it was in 2019 .
“ Ultimately , security is about right-sizing the risk . If the risk increases , budgets should also increase , but in this climate of uncertainty , we ’ ve seen organisations take a conservative approach to security spending which is impacting their ability to stay ahead of cybercriminals ,” said Trevor Clarke , Lead Analyst and Director at Tech Research Asia .
Across Asia Pacific and Japan ( APJ ), the number one frustration identified by companies is that executives assume cybersecurity is easy and that threats and issues are exaggerated . A lack of budget ranked second , followed by the struggle to fill cybersecurity roles .
Aaron Bugal , Global Solutions Engineer , Sophos , said : “ Our research highlights a disturbing attitude that needs to be tackled head-on – executive teams claiming that cybersecurity incidents are exaggerated . It is confounding that this attitude prevails even when the end of 2020 showed us just how bad a global supply-chain attack could be . If that wasn ’ t enough , the more recent zero-day vulnerabilities in widely deployed email platforms demonstrates the desperate need for unification when it comes to cyber-resilience . Everybody needs to play a part . And to play a part , we all need to understand the risk .”
There has been nominal improvement on the cybersecurity skills gap issue in 2021 . Nearly 60 % of businesses agree that their company ’ s lack of cybersecurity skills is challenging for their organisation , compared to 62 % in 2019 .
A lack of suitable staff and budget constraints continue to hinder organisations from obtaining the skills they require in-house . More than 60 % of companies struggle to recruit candidates with the necessary skills , which is only a 5 % improvement from 67 % in 2019 .
The pandemic had a positive impact on cybersecurity , with 69 % of companies agreeing that the outbreak of COVID-19 was the strongest catalyst for upgrading cybersecurity strategy and tools in the past 12 months .
At the same time , just over half of organisations indicated they were unprepared for the security requirements driven by the sudden need for secure remote working at the onset of the pandemic . www . intelligentciso . com
27