It takes a chief to secure a tribe

The pandemic underscored the importance of digital transformation, and more than three years on, this train has yet to stop. According to a recent PwC report, 79% of CEOs in Asia-Pacific (APAC) plan to invest in digital transformation in the coming years.

However, the widespread adoption of digital transformation among businesses has exposed some vulnerabilities. Specifically, the disparity in cybersecurity maturity across APAC, along with inconsistent regulatory alignment, has exacerbated cybersecurity challenges in the region.

Outdated cybersecurity practices pose a significant threat to organisations. According to ExtraHop’s Global Cyber Confidence Index research, 75% of organisations in Singapore, Malaysia, and Indonesia reported that half of their cybersecurity incidents resulted from outdated practices.

Now, more than ever, businesses need to advance their cybersecurity strategies to defend against increasingly sophisticated cyberattacks. This raises the question: How can such a strategy be developed, and who is responsible for establishing it?

Complexities across markets

Cybersecurity best practices are essential for protecting businesses from data breaches. However, coordinating such practices across an organisation requires a strategic vision.

Such strategic vision is best driven by the Chief Information Security Officer (CISO). This leader is capable of creating a security roadmap that navigates the varying cybersecurity regulations in different regions.

CISOs in APAC are responsible for overseeing cybersecurity in some of the world’s most diverse communities. These communities feature a mix of ethnicities, languages, and cultures. Markets in this region have varying levels of cybersecurity maturity. If these differences are not adequately addressed, they can severely hinder a company’s cybersecurity strategy.

For businesses looking to enter emerging markets like Indonesia or Vietnam, it’s crucial to consider a range of cyber risks. These risks may not be present in more developed markets. For example, the Center for Digital Society has highlighted that Indonesia still lacks the IT infrastructure needed to combat cyberattacks due to insufficient regulations.

Conversely, Singapore has launched various cybersecurity initiatives under its “SG Cybersafe Programme.” These initiatives support businesses at different stages of cybersecurity maturity. Singapore’s Counter-Ransomware Taskforce has also united multiple government agencies. This positions the country to take international action against ransomware attacks

Bridge between technology and leadership

The drastic evolution of technologies like AI and ML has emphasised the need for robust security practices. This is true even if such practices are not mandatory in emerging markets.

Alongside this trend, there is a growing demand for CISOs with the technical expertise to communicate with cloud engineers and oversee transformation roadmaps. This need will become increasingly apparent as AI adoption in business operations continues to rise.

CISOs also act as a bridge between the technical jargon of cybersecurity teams and the business language used by the board and the C-suite.

A CISO’s understanding of market-specific business challenges, the ability to advocate for cybersecurity to senior leaders, and the technical skills to guide security teams are crucial for building a strong cybersecurity strategy.

In this context, the role of the CISO in boardroom discussions can no longer be ignored. The good news is that the number of CISOs with a seat on a corporate board is on the rise. According to a 2023 survey by Heidrick and Struggles, this number has increased from 14% in 2022 to 30% this year.

It’s a team game

The success of a CISO is not solely dependent on individual capability. It also hinges on having the right resources in place.

Major players in the banking sector have begun to proactively expand their cybersecurity teams. They are adding crucial roles such as head of security engineering and head of risk and regulatory.

Creating a comprehensive cybersecurity strategy demands clear communication and strong relationships. These relationships must be between senior leadership, IT, and even regulators. In this context, CISOs are expected to engage with various legal entity board directors to ensure regulatory compliance. Therefore, CISOs need to be skilled at managing conflict and adept at building relationships in unfamiliar business cultures.

Given these factors, it’s not surprising that 80% of CISOs are confident in their ability to invest in leadership and development to enhance team capabilities further.

High-calibre leadership for robust cybersecurity 

Businesses are in a constant race to innovate in the field of automation. The unfortunate reality is that cybercriminals are also evolving in sophistication.

The ever-changing threat landscape demands a well-defined and achievable cybersecurity strategy, led by a competent leader. Encouragingly, 82% of CISOs in the survey report receiving the necessary funding and executive support to build a robust cybersecurity strategy.

Maintaining this level of support will be the critical factor in navigating the varied levels of cybersecurity maturity in the Asian market. In this environment, CISOs must continue to adapt to the region’s complexities.