The continuing Covid-19 pandemic is widely credited with accelerating digital transformation around the world and catalyzing improvements in cybersecurity posture across industries. However, the latest study from global cybersecurity leader Sophos reveals that persisting systemic constraints prevent executive teams from fully understanding the risks and damages posed by today’s cyberattack vectors on most organizations.
The study, titled “The Future of Cybersecurity in Asia Pacific and Japan,” was undertaken by Sophos in collaboration with Tech Research Asia. Some 900 business decision-makers across Asia Pacific and Japan participated in the preliminary survey.
Attacks rise, budgets remain the same
Nearly 70 percent of Asia Pacific organizations surveyed suffered a data breach in 2020, an increase of 36 percent from 2019. Of these successful breaches, 55 percent of companies rated the loss of data as either “very serious” (24 percent) or “serious” (31 percent).
Nearly 17 percent of organizations surveyed suffered 50 attacks per week.
Meanwhile, as attacks increased in frequency and severity, cybersecurity budgets between 2019 and 2021 remained largely unchanged as a percentage of revenue. Furthermore, 59 percent of businesses stated that their cybersecurity budget is below where it needs to be, the same percentage as in 2019.
In a press statement, Trevor Clarke, lead analyst and director at Tech Research Asia, said cybersecurity is all about right-sizing the risk. An increase in risk should have a proportional increase in budgets which, in the present climate of uncertainty, isn’t happening. Rather, organizations are taking a conservative approach with respect to cybersecurity spending that, in turn, could severely hamper their ability to stay ahead of cybercriminals.
Top management indifference a source of frustration
Across Asia Pacific and Japan, companies express frustration with executives as the number one cybersecurity hurdle. Industry leaders assume cybersecurity is easy and that cybersecurity threats and issues are largely exaggerated.
Aaron Bugal, global solutions engineer at Sophos, argued that executive teams claiming that cybersecurity incidents are overstated reflects a disturbing attitude that needs to be seriously addressed. It is made even more confounding by the fact that the attitude prevailed even when, at the end of 2020, a global supply-chain attack showed just how bad a cyber breach can be.
On top of that, the more recent zero-day vulnerabilities in widely deployed email platforms demonstrate the desperate need for unification when it comes to cyber resilience. It’s high time everybody played a part, and playing a part means understanding the gravity of the risks and threats posed by current cyberattack vectors.
Skills shortage, mounting challenges
The latest Sophos study also found that there has been nominal improvement in the cybersecurity skills gap in 2021. Nearly 60 percent of businesses agree that their company’s lack of cybersecurity skills is challenging for their organization, compared to 62 percent in 2019.
The absence of suitable staff in tandem with budget constraints definitely hinders organizations from employing the skills they require in-house. More than 60 percent of companies struggle to recruit candidates with the necessary skills, which is only a five percent improvement from 67 percent in 2019.
At best, the Covid-19 pandemic may have a positive impact on upgrading cybersecurity strategy and tools in a period of growing acceptance of digital transformation.
Unfortunately, the pandemic also exposed that most organizations are unprepared to respond squarely to the new security demands of online transactions, remote working and distance education prompted by the very same culprit — the Covid-19 pandemic.