The 2021 EY Global Information Security Survey (GISS) reports that businesses are now exposed to more and increasingly sophisticated cyberattacks with 73% of respondents reporting an increase in the number of disruptive attacks.
Yet over half (57%) of Asia-Pacific businesses are unsure if their cybersecurity defences are strong enough to combat hackers’ new strategies.
Smallish budget
Forty-seven per cent warn their organization’s budget is inadequate to manage challenges that have emerged over the past 12 months
The cyber spending of Asia-Pacific businesses remains low at just 0.05% of their annual revenue, on par with the global average of 0.04%.
The low allocation of budget to counter cybersecurity risk is surprising, given that 73% of Asia-Pacific companies warn of an increase in the number of disruptive attacks, such as ransomware, over the last 12 months, compared to 47% in the previous GISS report.
Forty-eight per cent of the respondents (48%) are more concerned than they have ever been about their company’s ability to manage cyber threats, higher than their counterparts in the Americas (41%).
Cybersecurity investments are out of sync with the need
About two-fifths (41%) of businesses in Asia-Pacific expect to suffer a major breach that could have been avoided through better investment, higher than in the Americas (29%).
EY Asia-Pacific Cyber Leader Richard Watson says businesses are planning a new wave of technology investments to thrive in the post-COVID-19 era.
“If cybersecurity is left out of investment discussions, the threat will continue to grow in the years to come. They should consider sharing the cost of cybersecurity across the business to support transformation,” he added.
Increased cyber risk in pandemic-era transformation
The majority of cyber leaders in the region say they have never been as concerned as they are now about their ability to manage the cyber threat, slightly higher than the global average of 43%.
More than half (56%) say their organizations have sidestepped cyber processes to facilitate new requirements around remote or flexible working.
Steve Lam, EY ASEAN Cybersecurity Leader opines that organizations are realizing that the stop-gap technology solutions deployed during the initial stages of lockdowns are inadequate for the security needs of the new normal.
He added that with some parts of Southeast Asia still in lockdown, the acute shortage and high turnover rates for cybersecurity talent in local markets further compound the challenge for CISOs in Southeast Asia.
“There is a unique opportunity to harness the ongoing business and technology transformation in response to the COVID-19 pandemic and undertake cyber transformation to build a future-ready cybersecurity model if the CISO is able to overcome the talent challenges,” he continued.
Turning crisis into an opportunity
The essential relationships between cybersecurity leaders in Asia-Pacific and other functions in the business lack positivity and strength, according to the survey.
Almost 80% of respondents in the region say cybersecurity teams are not always consulted or briefed in a timely manner until after the planning stage has finished, slightly higher than the global average of 76%.
Meanwhile, 71% of Asia-Pacific cybersecurity leaders would describe their relationships with business owners as being neutral or negative, while just over four in ten (44%) say their dealings with the marketing and HR functions are poor.
Only 20% of organizations in the region include cybersecurity in the planning phase of any digital transformation program. Respondents believe that the lines of business recognize cybersecurity’s traditional strengths, such as in controlling risk, but they do not always perceive the function as a strategic partner.
“CISOs must make difficult decisions, realigning cybersecurity requirements to better meet changing business needs after the COVID-19 pandemic. Mapping cybersecurity strategy and their organization’s risk profile against business and IT goals will ensure alignment and cement strategic relationships between CISOs, CEOs and the rest of the C-suite.”
“At a time of greater distrust and with the cyber function being under more scrutiny than ever, CISOs have an opportunity to better demonstrate the strategic importance of their role and raise their profiles within the business, especially in the aftermath of the pandemic,” Watson concluded.
