According to IDC’s Security and Trust Study 2022 69% of CEOs in Asia-Pacific (excluding Japan) are now engaged in cybersecurity interactions either weekly (37.2) or bi-weekly (31.5%), supporting the ongoing importance of cybersecurity to the business.
IDC cautioned that complexity, legacy, and ill-defined roles and responsibilities still hamper more effective approaches to addressing this complex issue.
Key findings are that the ongoing complexity of IT systems, along with evolving regulations are the major challenges faced by IT security professionals. While the C-Suite is paying more attention to the issue of security, there are many infrastructural issues across people and processes that, unless the C-Suite decides to address them, will continue to be problematic.
"Even today most security technology acquisitions are reacting to the current perceived threat, and this has been the case for many years now," says Simon Piff, VP of Trust and Security Research, IDC Asia/Pacific.
He added that "What is required is a more strategic and holistic approach to addressing the myriad of threats and challenges, whilst moving to simplify the technology stack and its integrations.
“Key technologies such as AI/analytics, security automation, and cybersecurity infrastructure modernisation are low on the investment agenda, where the focus is on risk management, KPIs, and development of processes," continues Piff.
What lies ahead
Complexity and legacy IT, along with changing regulations, are the major challenges to achieving trust. However, a lack of senior management support in terms of helping define roles as responsibilities adds to the challenges.
Risk management, and especially cybersecurity risk management maturity, is still lacking regionally. While C-suite engagement is increasing, ongoing risk monitoring is addressed by around half of all organisations, and infrequently.
Technology acquisition plans are mostly focused on advanced identity management, whereas cloud and data security investments are also high on the agenda.
Key technologies, such as artificial intelligence (AI)/analytics, security automation, and cybersecurity infrastructure modernisation, are low on the investment agenda in which the focus is on risk management, key performance indicators (KPIs), and the development of processes.
