The retail sector in the Asia Pacific (APAC) region faces a disproportionate share of cyber incidents due to inadequate cybersecurity budgets, as highlighted by a recent Kaspersky study.
Unlike the global trend where critical infrastructure and energy sectors bore the brunt, APAC witnessed a surge in successful cyberattacks targeting the retail industry over the past two years, according to Kaspersky.
Insufficient cybersecurity investments have led to cyber incidents affecting 19% of companies in the region. A significant fraction (16%) confessed to lacking the budget for robust cybersecurity measures. Kaspersky’s study involved 234 respondents from APAC, shedding light on the impact of budget allocation and the human factor on cybersecurity within companies.
Kaspersky reveals APT group Lazarus’ software exploitation
Kaspersky detects spyware attacks in new malicious WhatsApp mod
The disparity in budget allocation is reflected in the cyber breach statistics across industries. Retail businesses topped the list, experiencing 37% of breaches due to budget constraints, followed by telecommunication companies (33%) and critical infrastructure sectors (23%).
Other industries
“E-commerce is expected to be a $2.05 trillion market in Asia Pacific toward the end of 2023,” said Adrian Hia, managing director for Asia Pacific at Kaspersky.” Retail being the industry that suffered most cyber incidents here makes sense as cybercriminals follow the money trail. These companies are part of the greater digitalization movement in the region and hold treasure troves of data, specifically financial ones.”
Acknowledging this threat landscape, Hia urged industries, particularly those handling critical information, to prioritize bolstering their cybersecurity budgets for the safety of their businesses and customer data.
However, there are industries experiencing relatively fewer cyber incidents due to budget constraints. The manufacturing industry faced 11% of incidents, while transport and logistics saw 9%.
Despite 83% of APAC respondents feeling equipped to combat new threats, a notable 16% struggle due to insufficient funds, with 2% lacking any dedicated cybersecurity budget.
Respondents indicated a proactive approach in the coming 1-1.5 years to strengthen cybersecurity. Popular investments include threat detection software (46%), educational programs for cybersecurity professionals (50%), and training for general staff (46%). Plans include endpoint protection software (42%), hiring more IT professionals (37%), and adopting SaaS cloud solutions (45%).