After witnessing organizations and enterprises experience major data breaches for the past years, companies in Southeast Asia (SEA) now consider data protection as a top priority when it comes to challenges related to IT security. This and more findings were uncovered by the annual Kaspersky Global Corporate IT Security Risks Survey.
Among the other urgent cybersecurity issues identified by the respondents are keeping relationships with partners and customers in the age of digitalization and ensuring compliance of staff with security policies and regulatory requirements. Security issues related to cloud infrastructure adoption and the cost of securing increasingly complex technology environments are also considered as stumbling blocks for some businesses.
“The past few years have shown and proved the ugly and costly aftermaths of a successful cyberattack. From the $81-million heist against a central bank to a data breach leaking names of HIV cases, our past offers timeless lessons on cybersecurity which organizations and businesses in all shapes and sizes should definitely learn from,” said Yeo Siang Tiong, GM, Kaspersky, Southeast Asia.
Based on the interviews conducted with nearly 300 IT business decision-makers in SEA last year, companies fear data loss and being exposed to a targeted attack the most (34%), followed by electronic leakage of data from internal systems (31%).
Have you read “Kaspersky offers free security solutions for six months to healthcare institutions“?
Another 22% of the survey respondents admitted their distress toward the possibility of surveillance or espionage by competitors. Also, 2-in-10 of firms in the region admitted that they are worried about identifying and remedying vulnerabilities in IT systems they use.
Incidents affecting IT infrastructure hosted by a third party and inappropriate IT resource use by employees are both critical concerns for some 18% of companies in the region.
“It is encouraging to see that local companies are starting to prioritize IT security. In fact, our research showed that, on average, businesses in the region are currently spending $14.4 million to build their cybersecurity capabilities. 84% of the professionals we surveyed also confirmed plans to increase the budget for this area in the next three years which is really important in this era where networks are becoming more advanced and complex, thanks to breakthrough technologies like Internet of Things, 5G, and the rapid adoption of Industry 4.0,” Yeo said.
Almost 5-in-10 of the respondents cited increased complexity of IT infrastructure as a factor for the expected budget markup. Companies surveyed also noted that the increment aims to improve the level of specialist security expertise (46%) and is due to new business activities or expansion (39%).
To help companies in their budgeting process and in making the most out of their security investments, Kaspersky recommends to:
- Assess your company’s cybersecurity risks when planning your budget. Consider the cost to the company and the probability of their occurrence
- Rely on expertise. Decisions about the purchasing of cybersecurity tools or services should not be taken by one person. Before this stage, an expert analysis should be made that reveals the best option for the best price.
- Involve higher management in cybersecurity matters, including budgets and make sure to speak to them in their language. Don’t tell them how cybersecurity works, show them the business risks and the amount of money they can lose by not improving cybersecurity.
- Use a free tool by Kaspersky to check your budget benchmark. Enter your company’s region, size and industry to see the average budget for similar companies to yours.
- Start with a sturdy foundation, a dedicated endpoint product that demands minimum management allowing employees to do their main job but protects from malware, ransomware, account takeover, online fraud and scams such as Kaspersky Endpoint Security for Business.
- Further build your cybersecurity capability with security solutions and services founded with in-depth threat intelligence.