APAC businesses defenseless vs 2 in 5 cyberattacks

Firms in the Asia-Pacific region (APAC) could not prevent 41% of cyberattacks on their businesses, only successfully stopping 59% of cyberattacks over the past two years, according to Tenable.

Thus, organisations have had to rely on reactive measures rather than preventing attacks from occurring in the first place.

Tenable engaged Forrester Consulting, which surveyed 825 cybersecurity and IT leaders globally, including 219 in APAC.

The study further revealed that 76% of APAC respondents believe their organisation could better combat cyberattacks with more resources dedicated to preventive cybersecurity. 

However, 61% indicated that their cybersecurity teams spend the majority of their time addressing immediate threats, hindering them from adopting a proactive stance.

The findings indicate that significant challenges arise not just from external threats, but also from inherent issues within the organisation’s own structure and operations.

APAC organisations were also struggling to identify the right threats to remediate, with only 20% of respondents reporting they are “extremely confident” that their organisation’s cybersecurity practices were successfully reducing their risk exposure. 

An even lower 15% were “extremely confident” that the vulnerabilities they prioritised for remediation over the past year were ones that posed the greatest threats to the organisation.

Nigel Ng, VP of Tenable in APAC and Japan, said, that the study underscores the urgent need for APAC organisations to bolster their preventive measures to staunch the bleeding before it begins. 

“While there are no quick fixes to the challenges firms are facing, examining the disparity between low-maturity and high-maturity organisations across the overall sample shines a light on the roadmap towards enhanced cybersecurity, said Ng. 

“By learning from high-maturity organisations, embracing data aggregation, and cutting down on reactionary measures, APAC organisations can pivot towards a more preventive cybersecurity stance, reducing their risk profile substantially,” added Ng.

Finding also show that low-maturity organisations globally are more likely to be stuck in reactive mode. In the past 12-24 months, high-maturity organisations preventively defended against 61% of the attacks they experienced and reactively mitigated against the rest. 

In low-maturity organisations, 56% of attacks were preventively defended while 44% were reactively mitigated.

High-maturity organisations globally see the value in data aggregation, with 57% using aggregation tools to collect and analyse data to quantify risk exposure, compared with only 46% of low-maturity organisations.

Also, high-maturity organisations globally spend far less time each month producing reports for business leaders than their low-maturity counterparts, with 57% of high-maturity organisations saying it takes 11 hours or more to produce such reports, compared with 72% of low-maturity organisations.