7 in 10 APAC CEOs Are Now ‘Engaged’ With Cybersecurity
- By CDOTrends editors
- April 26, 2022
In its latest Security and Trust Study, IDC reports that 69% of CEOs in the Asia Pacific region, excluding Japan (APeJ), are now engaged in cybersecurity interactions either weekly (37.2%) or bi-weekly (31.5%).
However, despite this increased awareness, many companies are still struggling to effectively address the challenge of cybersecurity due to several infrastructural issues. These include the ongoing complexity of IT systems, evolving regulations, and the lack of clear roles and responsibilities in cybersecurity.
IDC says that companies need to take a holistic and integrated approach to cybersecurity to address these challenges effectively. This means involving all stakeholders in the companies, from the C-Suite down, in cybersecurity strategy and implementation decisions. It also means taking a more proactive and preventative approach to cybersecurity rather than simply reacting to security incidents after they have occurred.
"Even today, most security technology acquisitions are reacting to the current perceived threat, and this has been the case for many years now," says Simon Piff, VP of trust and security research, IDC Asia/Pacific. "What is required is a more strategic and holistic approach to addressing the myriad of threats and challenges whilst moving to simplify the technology stack and its integrations. Key technologies such as AI/analytics, security automation, and cybersecurity infrastructure modernization are low on the investment agenda, where the focus is on risk management, KPIs, and development of processes," Piff adds.
Another major challenge for CEOs is ensuring that the right people are in charge of cybersecurity within their company and kept up to date with the latest developments.
In a 2021 report, LogRhythm found that 60 percent of respondents wanted cybersecurity leaders in APAC to report directly to the CEO. However, just six percent of security CEOs follow this practice. They are typically three levels removed from the CEO, making it more challenging to ensure that the leadership has a thorough and accurate knowledge of its security risks.
Image credit: iStockphoto/gorodenkoff