If the reaction to the increase in cyber threats, in terms of budget, is any indication, some companies in the Philippines could not be bothered. The latest survey of security solutions firm Sophos finds that “there is no expected increase in the median percentage of technology budgets spent on cybersecurity, which is at 10%.
The survey “The Future of Cybersecurity in Asia Pacific and Japan,” conducted in collaboration with Tech Research Asia, also states that this trend is expected to remain the same for the next 24 months. A ray of hope at least because 44% of Philippine respondents are aware that their cybersecurity budget is currently below the ideal allocation.
However, the survey also finds that the Philippines has the most considerable percentage of organizations claiming to have the highest cybersecurity maturity level in the region (30%).
The survey reveals more than one-third (31%) of respondents admitted to having suffered a data breach in 2020, higher than the 24% in 2019. Earlier reports from various security vendors point to the exploitation of the pandemic, the virus, and now the vaccine. Still, the figure is much lower than the average of 44% for the Asia Pacific and Japan (APJ) region.
Also, the report finds as much as 39% of the attacks were severe, with more than half (55%) taking longer than a week to remediate.
“Ultimately, security is about right-sizing the risk. If the risk increases, budgets should also increase. Yet, in this climate of uncertainty, we’ve seen organizations take a conservative approach to security spending, which is limiting their ability to stay ahead of cybercriminals,” said Trevor Clarke, lead analyst and director at Tech Research Asia.
Indifference to cybersecurity
The survey also revealed that the top frustration among those surveyed is that cybersecurity hasn’t reached the priority list of executives believing that “cybersecurity is easy and that cybersecurity threats and issues are overblown.”
The inadequate budget allotment is the second frustration followed by skills gap.
“Our research highlights a disturbing attitude — executive teams claiming that cybersecurity incidents are exaggerated,” said Aaron Bugal, global solutions engineer of Sophos. “It is confounding that this attitude prevailed even when the end of 2020 showed us just how bad a global supply-chain attack could be. If that weren’t enough, the more recent zero-day vulnerabilities in widely deployed email platforms would demonstrate the desperate need for unification in cyber resilience. Everybody needs to play their part as we all need to understand and mitigate the risk.”
Cybersecurity skills gap
The cybersecurity skills gap continues to be a problem for businesses in the Philippines. Nearly 45% of Philippine businesses have said that a lack of cybersecurity skills is challenging for their organization.
While a lack of qualified staff and budget constraints continue to hinder organizations in the Philippines from obtaining the skills they require in-house, there is a slight improvement in recruiting skilled cybersecurity professionals with almost half of the organizations (48%) surveyed said they struggled to recruit candidates with qualified skills in 2020, compared to 62% in 2019.
Remote working exposed vulnerabilities
COVID-19 had a positive impact on cybersecurity, with 73%t of Philippine companies agreeing that the outbreak of COVID-19 was the most robust catalyst for upgrading cybersecurity strategy and tools in the past 12 months.
At the same time, 41% of local organizations indicated they were unprepared for the security requirements driven by the sudden need for secure remote working at the pandemic’s onset.
“COVID-19 compelled companies to refresh their cybersecurity strategies, yet the transformational shift to remote working also exposed additional weaknesses. Businesses have transformed their workplace environments, undergone an accelerated digitization period, yet continue to confront systemic cybersecurity issues, including executive apathy, low budgets, and a lack of skilled cybersecurity professionals.
“Despite improvements made, progress remains slow, reinforcing our belief that cybersecurity is never ‘finished’ and requires a constant focus, both from technological and cultural viewpoints,” Clarke said.