Most APAC firms not ready vs rising cyberattacks

The majority of organisations in the Asia-Pacific region are not prepared to handle cybersecurity attacks, which are on the rise, a new report from Cloudflare shows.

This survey was conducted by Sandpiper Communications, a total of 4,009 cybersecurity decision makers and leaders across Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam.

Findings show that 78% of respondents experienced at least one cybersecurity incident in the past 12 months. 

Of those who experienced a cybersecurity incident, 80% reported four or more incidents. Also, half experienced 10 or more cybersecurity incidents, with 72% forecasting an increase in the next 12 months. 

Despite the increasing frequency of cybersecurity incidents, only 38% consider themselves highly prepared, with those in healthcare (16%), education (13%), government (10%), and tourism (10%) reporting they are most likely unprepared to withstand an incident. 

About 63% of survey respondents reported that the financial impact of cybersecurity incidents on their organisations was at least US$1 million over the past 12 months, with 14% suffering a loss of more than $3 million. 

APAC firms were also concerned with regulatory action, with 33% of respondents saying they reported breaches to the relevant authorities; 26% paying a fine, and the same ratio facing legal action. 

The study also shows talent constraints are still prevalent in the region, with a lack of talent cited by 60% of respondents when discussing challenges to cybersecurity preparedness. 

Respondents reported web attacks, phishing, Distributed Denial-of-Service (DDoS), insider threats, and stolen credentials as the cyberattacks they experienced in the past 12 months. 

They also ranked planting spyware as the primary goal of cybercriminals, followed by financial gain, data exfiltration, and ransomware. 

The three most pressing challenges cybersecurity decision makers and leaders face are — securing a hybrid workforce (51%); defending against cyberattacks (48%); and deploying Zero Trust (42%). 

Most of the respondents currently have between six and 15 products in their cybersecurity architecture, while larger organisations have almost twice as many, with 20 or more. 

Juggling multiple solutions has somewhat negatively impacted effectiveness, hinting that organisations should be looking to simplify. 

In the study, only 39% of firms with less than 15 solutions experienced 10 or more cybersecurity incidents. However, 73% of those with more than 15 solutions experienced the same. 

On the other hand, 80% of organisations with less than 15 solutions were able to resolve incidents in less than 12 hours, while only 65% of those with more than 15 solutions have done the same. 

In the past 12 months, 53% of survey respondents spent between 11% and 20% of their organisation’s entire IT budget on cybersecurity, while another 28% of respondents spent more than 20% of their total IT budget. Healthcare, transportation, and finance were the industries that spent the most on cybersecurity, while education, gaming, government, and manufacturing spent the least. 

When it comes to future plans, 67% of all respondents expect their cybersecurity budgets to increase in the next 12 months, while 22% expect to maintain their current spend. 

“While preparedness is key, organisations continue to grapple with a cybersecurity landscape that’s more volatile and complex than ever,” said Jonathon Dixon, Cloudflare VP and managing director in APAC, Japan and China.

“It’s important to build a strong security culture that empowers business leaders to approach cybersecurity as a strategic imperative to every organisation, including technological and cost consolidation, in order to get the double benefit of spending less while having a more robust and simpler-to-manage cybersecurity infrastructure,” said Dixon.