Hong Kong businesses are cutting costs on cybersecurity at a time when cyberattacks on remote workers are rising. As a result, companies may be taking on operational risks that can now derail their business. Sadly, many understand the dangers but are more concerned about survival.
In a recent Barracuda report titled “Brave the new normal: How companies in Asia-Pacific are overcoming security challenges in a remote workplace,” 49% of Hong Kong companies said they do not have an up-to-date security strategy or solutions covering all the vulnerabilities posed by remote working. In fact, 56% admitted that security takes a back seat when adopting remote working. The market report surveyed 1,055 business decision-makers in Australia, New Zealand, Singapore, Hong Kong, and India.
“While organizations are riding a wave of digital transformation to support the shift to remote working, many have been impacted by major security concerns that have emerged,” said James Forbes-May, vice president of APAC for Barracuda.
The report noted that 55% of companies surveyed had at least one data breach or cybersecurity incident since shifting to remote working. Forty percent reported that their employees experienced an increase in email phishing attacks, while 47% were concerned about unknown threats that will cause business disruption in the next six months.
“Despite this, security has taken a back seat in many organizations due to budget and resource constraints. Threat protection must get the attention it deserves to avoid causing reputational and financial damage at a time when most companies can least afford it,” he said.
Hong Kong companies are also scaling back their cybersecurity budgets despite the increase in attacks. The report showed that 58% cut their cybersecurity budgets to save costs. Lack of IT resources and time to upgrade was another key reason that 59% explained. The latter reason is the highest in the region.
Barracuda believed that it comes down to prioritizing spending on critical controls. This can include consolidating vendors, investing in SaaS-based tools, or assessing how automation could help free budget and security resources. It urged companies to rethink their cybersecurity spending cuts because remote working employees are more distracted, and their home devices and networks are less protected.
Training is another glaring issue. Half of the respondents said their employees were not adequately trained in the cyber risks associated with remote working. Also, 56% were not confident in the security of their web applications, which is another primary target for malicious third parties seeking to access corporate data.
The only good news is that Hong Kong companies are aware of what they are gambling with. When the business environment picks up, they may be in a position to improve it.
The report noted that 78% believed that cross-industry collaboration was vital to improving security standards. Eighty-two percent understood that they need to upgrade their IT infrastructure to improve visibility and productivity, while 74% planned to provide improved online cybersecurity training and awareness for remote working staff.
But will it be too late?
Image credit: iStockphoto/Nikolay Tsuguliev