Skills, education, resources: Major barriers to cybersecurity preparedness in APAC

In spite of the widespread data breaches involving high-profile companies and brands, the attitude toward cybersecurity still needs a lot of improvement. This is just one of the findings of the latest report sponsored by Sophos titled “The Future of Cybersecurity in Asia Pacific and Japan – Culture, Efficiency, Awareness.”

The Tech Research Asia (TRA) report is based on a comprehensive research program that included a quantitative survey of 900 cyber and information security decision-makers in Australia, India, Japan, Malaysia, the Philippines and Singapore, as well as interviews with industry experts. Data gathered from five executive roundtables held in 2019 in Australia (2), India, Japan, and Malaysia are also included in the report.

In terms of security setup, maturity is not a strong point for many organizations in the region. The report said that less than one-third of respondents are at the top, “optimized” maturity level, meaning they constantly monitor processes and implement security measures depending on the organizations’ unique needs.

In the Philippines, 1% of firms have no cybersecurity maturity, while 5% say their approach is untested and another 4% say their approach is ad hoc. The research also found that two-thirds or 44% of respondents feel their organization does not have a cybersecurity team in place that could properly detect, investigate and respond to threats.

Of the countries surveyed, the research data suggests that India, Australia, and Singapore have higher levels of security maturity relative to Japan, Malaysia, and the Philippines. However, the research also revealed that 59% of companies in India and 47% in Australia said they don’t have a cybersecurity team in place that could properly detect, investigate and respond to threats.

Skills shortage is just one of the issues facing the cybersecurity landscape in the region. Prioritization in budget allocation is another, with over 50% of budgets that relate to cybersecurity sitting outside of IT. Companies in the Philippines are showing improvement in their view of security: the report says the country shares the spot with India as having a slightly above-average allocation of cybersecurity budgets as an independent budget center.

In a move seen as pragmatic, the research found that one-third of organizations have a dedicated CISO, another third have cybersecurity led by an IT leader, and the remainder give responsibility to another executive. A similar split is evident in teams either being an independent and separate security team or constituting part of the IT department.

“According to the survey, more than 60% of respondents said they struggle with security education, recruiting skilled staff, and staying up to date with the evolving threat landscape,” Sophos said in the report. “All of this has resulted in a lack of visibility into security risk and an overestimation of respondents’ ability to defend their organizations.”

The cybersecurity firm suggests that organizations take a proactive security stance to achieve a mature security program.

“Today’s security teams need to understand that they cannot solely rely on prevention for all threats and that detection and response are key,” it said. “This requires having the tools to effectively find suspicious activity and access to a network of security knowledge to interpret that information and lead them to appropriate corrective action.”