While much has been written about how unprepared we are for cybersecurity challenges, a new report showed that APAC companies are actually faring better.
Thirty-six percent of APAC companies reported successfully navigating current cybersecurity challenges in today’s remote-first world with software and cloud-first strategies. According to Cisco’s 2021 Security Outcomes Study for APJC, companies that regularly update their technology were the most likely to report successful security programs. Cisco defines APJC as Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam.
“Cybersecurity professionals face mounting pressure to make fast, informed decisions to secure and support the rapidly accelerated ‘work from anywhere’ model while battling a cyber threat landscape that is constantly adapting to exploit cracks in the system,” said Kerry Singleton, managing director for cybersecurity in APJC for Cisco.
Based on a double-blind, independently analyzed survey, the global study includes 2,110 cybersecurity, IT, and privacy professionals across 13 markets in the region. The results offer specific actions that cybersecurity professionals can take for greater success and help businesses decide where to focus their security efforts this year.
On average, companies with a proactive, tech refresh strategy are 15% more likely to report overall security success — the highest of any practice. This is most significant in China, where organizations doing this are 31% more likely to report successful security programs, followed by Thailand (30%), Australia (23%), and Japan (20%).
However, not all companies have the budget or expertise to make this happen, known as the “Security Bottom Line.” A strategy to migrate to the cloud and SaaS security solutions can help close this gap.
“Realizing that most companies do not always have the resources to invest across improving practices or culture, hiring more professionals or adopting additional technology, this study offers a guide that helps to map key security decisions to the most impactful outcomes,” Singleton added.
Where APAC cybersecurity programs struggle the most is in obtaining peer buy-in. One-third (33%) of companies reported successfully achieving it. Other challenges include minimizing unplanned work (34% success), retaining security talent (36% success), managing top risks (37% success), avoiding major incidents, and creating a security culture (both 38% success).
Beyond having a proactive, tech refresh strategy, a well-integrated technology stack was ranked as the second most crucial factor for cybersecurity success in the study. It has a positive impact on nearly every outcome evaluated, increasing the probability of overall success by an average of 7%. Interestingly, integrations also benefit the recruitment and retention of talent, as security teams want to work with the best technology and avoid burnout.
Integration is also the most significant factor in establishing a security culture that the entire organization embraces. Instead of traditional security training programs, which do not correlate with a positive culture, investment in flexible and frictionless technology is shown to have a more significant impact on overall security.
One surprising result is that IT and security “working together” appears to correlate the least with overall success. This seems surprising but may point to security being a part of many CIO’s IT priorities, implying cooperation is built-in and does not need extra management or measurement.
The study noted that it is also possible that companies view large IT projects such as Zero Trust or SASE/SD-WAN implementations as security-led and owned. In most cases, these efforts are cross-domain with IT and security collaboration essential.
Image credit: iStockphoto/ipopba