Meager security funds leave APAC retail firms defenseless

Critical infrastructure, oil and gas and energy firms across the world suffered the biggest number of cyber incidents due to improper budget allocation, representing a quarter of events that Kaspersky observed.

However, in the Asia-Pacific region, retail industry experienced the greatest number of successful cyberattacks in the 24 months covered by a Kaspersky survey.

Kaspersky engaged Arlington Research to conduct a study that involved 1,260 interviews with IT and IT security engineers across Brazil, Chile, China, Colombia, France, Germany, India, Indonesia, Japan, Kazakhstan, Mexico, Russia, Saudi Arabia, South Africa, Spain, Turkiye, the United Arab Emirates, the United Kingdom and the United States. There were 234 respondents that are based in APAC.

The latest survey also revealed 19% of companies in the region have experienced cyber incidents due to insufficient cybersecurity investment in the last two years. 

When it comes to companies’ finances, nearly one-in-five (16%) admit they do not have the budget for adequate cybersecurity measures. 

The situation is different for every industry. For example, retail organisations suffered the greatest number of cyber breaches because of the lack of budget (37%), followed by telecommunication companies (33%) and critical infrastructure, energy, oil and gas sector (23%).

Retail “companies are part of the greater digitalisation movement in the region and hold treasure troves of data, specifically financial ones,” said Adrian Hia, managing director for APAC at Kaspersky.

“I encourage all industries in APAC, especially those that handle critical information, to allot better cybersecurity budget to ensure the safety of their businesses, and most importantly, of their customers’ sensitive data,” Hia added.

Meanwhile, some industries showed a smaller number of cyber incidents. Manufacturing industry suffered 11% of cyber incidents due to budget constraints, while transport and logistics saw 9% of them. 

When asked about the budget for cybersecurity measures, a majority (83%) of respondents from APAC said they are equipped to keep up with or even stay ahead of new threats. 

However, 16% of companies are not doing so well – 15% report that they don’t have sufficient funds to protect the company’s infrastructure properly.

At the same time, there are still companies without cost allocations for cybersecurity at all – 2% claimed they don’t have a dedicated budget for cyber protection needs.

The most successful industry in APAC in terms of proper monetary distribution for cybersecurity are financial services – all of respondents working in this sphere claim their organisations are set to keep up with and stay ahead of all new threats. 

Many respondents’ companies are eager to take steps to strengthen their cybersecurity in the next 12 to 18 months. One of the most popular areas of investment is threat detection software (46%), and trainings, where half (50%) of companies plan to allocate budgets for educational programs for cybersecurity professionals and 46% for training general staff.

Other popular measures organisations plan to take soon are introducing endpoint protection software (42%), hiring additional IT professionals (37%) and adopting SaaS cloud solutions (45%). 

Ivan Vassunov,  Kaspersky VP for corporate products, said companies must align cybersecurity investment with a business strategy and consider cybersecurity as one of their business goals. 

“Of course, investments must justify themselves and be effective, so the information security department also faces the task of increasing the ROI of investments in information security and defending investments to senior management or the board of directors,” said Vassunov.