Barely a quarter of SE Asia firms ready vs cyberthreats

Only 23% of organisations in Southeast Asia have the “mature” level of readiness needed to be resilient against today’s modern cybersecurity risks, according to Cisco’s Cybersecurity Readiness Index.

The index has been developed against the backdrop of a post-COVID, hybrid world, where users and data must be secured wherever work gets done. 

Conducted by an independent third-party, the double-blind survey covered 6,700 private sector cybersecurity leaders across 27 markets including six markets in Southeast Asia — Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam. 

Companies were then classified into four stages of increasing readiness: “beginners” are at initial stages of deployment of solutions; and “formative” ones have some level of deployment, but performing below average on cybersecurity readiness.

“Progressive” ones see a considerable level of deployment and are performing above average on cybersecurity readiness; and “mature” ones have achieved advanced stages of deployment and are most ready to address security risks.

Among the companies surveyed, 5% are beginners, 39% are formative. Globally, 15% of companies are at a mature stage. 

Also, 90% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. 

The cost of being unprepared can be substantial, as 64% of respondents said they had a cybersecurity incident in the last 12 months, and 45% of those affected said it cost them at least US$500,000. 

“While companies in ASEAN are doing better than their global counterparts on their levels of security preparedness, more needs to be done,” said Bee Kheng Tay, Cisco president in ASEAN. 

She added that as the ASEAN region gears up to become the fourth largest economy by 2030, the index is a reality check for organisations to ensure that cybersecurity is foundational to any digitalisation effort to bolster growth and innovation.

Further, business leaders must establish a baseline of “readiness” across the five security pillars to build secure and resilient organisations. 

This need is especially critical given that 90% of the respondents plan to increase their security budgets by at least 10% over the next 12 months. 

By establishing a base, organisations can build on their strengths and prioritise the areas where they need more maturity and improve their resilience. 

On protection of identity, only 25% of organisations are ranked mature. On devices, 39% of devices are mature and close to half (47%) are in the beginner or formative stages.

Companies are lagging on the network security front with 45% of firms in the beginner or formative stages.

Yet, companies are the least prepared on application workloads, with 54% in the beginner or formative stages.

On data, although more than half (57%) of companies are in the mature or progressive stage, progress is needed as 16% are beginners.

“Taking an integrated platform approach to security which entails a zero-trust strategy, full-stack observability, and end-to-end visibility can help organisations achieve security resilience while reducing complexity in a hybrid world,” said Juan Huat Koo, cybersecurity lead of Cisco in ASEAN.