Lost deals prompt APAC firms to change security strategy

While most security executives in the Asia-Pacific (APAC) region view their cybersecurity defense positively, nearly half have lost deals due to customers’ lack of confidence in their strategy in the last 18 months, according to new research from LogRhythm.

The study presents findings from 1,176 cybersecurity professionals and executives globally, including Singapore, Malaysia, Indonesia, Japan, India, and Australia & New Zealand in APAC.

In this region, 85% of security executives rated their cybersecurity defense as good or excellent. Yet, 46% of companies faced customer confidence issues, prompting over nine in every 10 to adjust their cybersecurity strategy. 

Of companies that have lost deals due to customer confidence issues, 72% indicated that it happened in the last 18 months. This highlights a disconnect between security executives and their customers on the effectiveness of their cybersecurity defense, suggesting gaps in meeting customer expectations for data protection.

In response to the dynamic threat landscape, 98% of APAC respondents highlighted that they have changed their company security strategy in the last 12 months. AI utilisation (77%) for threat management and new security solutions was cited as the primary driver for change, with Indonesia leading this trend at 86%, the highest in APAC. 

The study also uncovered a rise in expectation for senior leaders to be accountable for security breaches, with 80% stating that cybersecurity leaders and CEOs should ultimately bear the responsibility for protecting against and responding to cyber incidents. 

Across the APAC region, this sentiment is most prominent in Japan, where 96% of respondents hold this view. The findings lend credence to the view that cybersecurity is now recognised as an integral component of business strategy and corporate governance, shifting away from its previous perception as a purely technical concern.

However, while executives are now expected to have greater responsibility over cybersecurity breaches, there remains a gap in communication between security teams and non-security executives. 

This disparity exists despite 90% of APAC cybersecurity teams indicating that they possess the right tools to easily communicate the current security status to key stakeholders across teams, higher than the global average of 81%.

Specifically, 59% of APAC respondents faced difficulties in conveying the importance of particular security measures to non-technical executives. Meanwhile, only 61% agreed that non-security executives understand the company’s regulatory obligations. 

This communication barrier can result in misunderstandings regarding the value of investments in cybersecurity, potentially impacting the organisation’s readiness and response capabilities.

As businesses strive to protect themselves from evolving threats, their investments in cybersecurity are mirroring this effort. 84% of APAC respondents have noted an increase in their company’s cybersecurity budget in response to the changing threat landscape, higher than the global average of 76%. 

Furthermore, 84% expressed confidence in having the necessary resources — such as tools, personnel, expertise, and budget — to safeguard their company from cyberattacks.

When assessing the impact of these investments, security teams who experienced challenges in explaining the need for a specific security solution to non-security stakeholders often fail to report on key operational metrics that determine the measurable impact of security investments and strategy adjustments.

To this end, security reports mostly focused on critical data like breaches (75%), incidents (68%), and security risks (67%). Security operational metrics, such as time to detect (57%), time to respond (63%), and time to recover (47%), feature less prominently in these reports.

Moreover, the majority of security teams still rely on manual and time-intensive approaches to share security status information, including static reports (84%), meetings (76%), and emails (67%). This is a concern because, to maintain effective communication, security teams need improved case management metrics and advanced analytics to make informed decisions quickly.

“Our latest research reflects the ambitions of APAC organisations to keep pace with the region’s advanced digitisation efforts by ramping up their cybersecurity investments,” said Yen Nee Si, country manager for Asia at LogRhythm.

“However, APAC security teams continue to face challenges like communication gaps and the lack of metrics to measure the impact of cybersecurity investments, despite increasing budgets,” added Si.