A new study by security company Palo Alto Networks, entitled ‘The State of Cybersecurity in Asia-Pacific’ revealed that cybersecurity budgets have increased for 92 per cent of organizations in India. It further stated that 71 per cent of Hong Kong respondents say cyberattacks have become more sophisticated, yet the biggest barriers they face in combating cybercrime are keeping up with available security solutions and the lack of security professionals.
This survey was conducted to help gain deep insights around behavior and attitudes towards cybersecurity throughout APAC. Mirroring Hong Kong, nearly half (46 per cent) of all companies surveyed across the region said they were unable to keep up with evolving cybersecurity solutions. On the other hand, 54 per cent of respondents in China cited this as the primary barrier to ensuring cybersecurity at their organisation and cited external users as the second-biggest challenge.
Key findings in India revealed:
- There has been recent growth in cybersecurity budgets: Businesses acknowledge the importance of ensuring business continuity amidst the persistence and growing sophistication of cyberthreats, and 92 per cent of organisations have increased their budget for cybersecurity in this financial year.
- Internal and external challenges contribute to cybersecurity issues: The three major cybersecurity challenges organisations face are employees’ lack of cybersecurity awareness (47 per cent), risk from third-party services (43 per cent) and migration to cloud (35 per cent).
- ‘Detect and respond’ approach overrules a ‘breach prevention’ strategy, but this needs to be revisited: 79 per cent of respondents indicated their organizations place more importance on detection and response of cyberthreats than prevention. Data breaches remain costly, meanwhile, with 41 per cent of respondents revealing they have lost at least INR 64,55,500 (US$100,000) in financial year 2016-17 due to such breaches. This raises question around the effectiveness of responding to threats only after incidents are detected, rather than taking a preventive stance.
- Cybersecurity measures adopted are rather basic: According to the survey, organisations predominantly adopt basic security measures. Respondents indicated the highest adoption rates for antivirus (77 per cent) and firewall (74 per cent), whereas anti-ransomware (37 per cent), two-factor authentication (35 per cent) and biometrics (46 per cent) have fallen on the lower end of the spectrum.
- Organisations are filling their need for dedicated cybersecurity talent: 95 per cent of Indian organisations feel they have a strong hold of dedicated IT teams against cyberthreats – a notably high figure compared to other APAC countries with only 84 percent. Manufacturing and finance sectors are the top verticals when it comes to ensuring they are well-equipped with a professional team to prevent cyberthreats.
‘Internal and external threats look like the biggest loophole causing organisations costly data breaches. Therefore, these organisations should revisit their cybersecurity strategy and assess whether the widely-adopted ‘detect and respond’ approach may be reacting to threats a little too late,” noted Sean Duca, Vice President and Regional Chief Security Officer, Asia-Pacific, Palo Alto Networks.
“As cyberthreats become increasingly sophisticated, businesses should ensure that networks are adequately secured with a next-generation security platform that looks at prevention rather than remediation,” Duca added.
Across the Asia-Pacific region, the key finding from the report is the need to promote greater cybersecurity awareness and education among organisations. The survey was conducted amongst more than 500 business professionals in APAC, covering Australia, China, Hong Kong, India and Singapore markets.