While nearly 70% of Asia Pacific organisations suffered a cyberattack in 2020 — an increase of 36% from 2019, 59% of businesses said that their cybersecurity budget is below where it needs to be, said Sophos recently when releasing results of a study of 900 business decision makers across Asia Pacific and Japan,
- Of these successful breaches, 55% of companies rated the loss of data as either “very serious” (24%) or “serious” (31%). Nearly 17% of organisations surveyed suffered 50 attacks, per week.
- While attacks are increasing in frequency and severity, cybersecurity budgets remained largely unchanged as a percentage of revenue between 2019 and 2021.
- At the same time, 59% of businesses stated that their cybersecurity budget is below where it needs to be, the same percentage it was in 2019.
“Ultimately, security is about right sizing the risk. If the risk increases, budgets should also increase, but in this climate of uncertainty, we’ve seen organisations take a conservative approach to security spending, which is impacting their ability to stay ahead of cybercriminals,” said Trevor Clarke, lead analyst and director at Tech Research Asia.
Boardroom indifference towards cyberattacks
The top frustrations of Asia Pacific and Japan companies reflect boardroom indifference, Sophos pointed out
Across the region, the number one frustration identified by companies is that executives assume cybersecurity is easy and that cybersecurity threats and issues are exaggerated. A lack of budget ranked second, followed by the struggle to fill cybersecurity roles.
The research highlights a disturbing attitude that needs to be tackled head on — executive teams claiming that cybersecurity incidents are exaggerated, said Aaron Bugal, global solutions engineer, Sophos.
“It’s confounding that this attitude prevails even when the end of 2020 showed us just how bad a global supply-chain attack could b, Bugal pointed out. “If that wasn’t enough, the more recent zero-day vulnerabilities in widely deployed email platforms demonstrates the desperate need for unification when it comes to cyber resilience. Everybody needs to play a part. And to play a part, we all need to understand the risk.”
There has been nominal improvement on the cybersecurity skills gap issue in 2021, according to Sophos.
Nearly 60% of businesses agree that their company’s lack of cybersecurity skills is challenging for their organisation, compared to 62 percent in 2019, the firm said.
A lack of suitable staff and budget constraints continue to hinder organisations from obtaining the skills they require in-house, the firm added.
More than 60% of companies struggle to recruit candidates with the necessary skills, which is only a five percent improvement from 67% in 2019.