Sophos, a global leader in next-generation cybersecurity, announced the findings of the second edition of its survey report, The Future of Cybersecurity in Asia Pacific and Japan, in collaboration with Tech Research Asia (TRA). The study reveals that despite cyberattacks increasing, cybersecurity budgets have remained stagnant and executive teams continue to underestimate the level of damage threats can do to organisations.
Attacks rise, budgets stay the same
44% of Malaysian organisations say they fell victim to a successful cybersecurity attack in the last 12 month and nearly 50 per cent of organisations surveyed suffered 1 to 10 attacks, per week. According to Deputy of Communications and Multimedia Minister Datuk Zahidi Zainul Abidin, local incidents involving cybersecurity have increased by 109 per cent since the COVID-19 outbreak .
While attacks are increasing in frequency and severity, cybersecurity budgets remained largely unchanged as a percentage of revenue between 2019 and 2021. At the same time, 54 per cent of businesses in Malaysia stated that their cybersecurity budget is below where it needs to be, a slight improvement from 60 per cent in 2019.
“Ultimately, security is about right sizing the risk. If the risk increases, budgets should also increase, but in this climate of uncertainty, we’ve seen organisations take a conservative approach to security spending, which is impacting their ability to stay ahead of cybercriminals,” said Trevor Clarke, lead analyst and director at Tech Research Asia.
The top frustrations of Asia Pacific and Japan companies reflect boardroom indifference
Across Asia Pacific and Japan (APJ) the number one frustration identified by companies is that executives assume cybersecurity is easy and that cybersecurity threats and issues are exaggerated. A lack of budget ranked second, followed by the struggle to fill cybersecurity roles.
“The end of 2020 showed us just how bad a global supply-chain attack could be and when this was followed by the more recent zero-day vulnerabilities in widely deployed email platforms, it is clear that the boardroom needs to lead by example and demonstrate unification when it comes to cyber resilience. Every employee from the top down is responsible for cybersecurity,” said Wong Joon Hoong, Country Manager, Sophos Malaysia.
The industry skills shortage continues to create challenges in Malaysia
Nearly 60 per cent of Malaysian businesses agreed that their company’s lack of cybersecurity skills is challenging for their organisation with nearly 50 per cent agreeing that their organisation doesn’t have the team in place to properly detect, investigate and respond to security incidents. This signifies there is a gap in cybersecurity skills in Malaysia.
However, recruiting quality cybersecurity talent remains a challenge. A lack of suitable staff and budget constraints continue to hinder organisations from obtaining the skills they require in-house. 68 per cent of companies in Malaysia struggle to recruit candidates with the necessary skills.
COVID-19’s impact on remote working accelerated transformation, but exposed vulnerabilities
COVID-19 had a positive impact on cybersecurity, with 71 per cent of companies agreeing that the outbreak of COVID-19 was the strongest catalyst for upgrading cybersecurity strategy and tools in the past 12 months.
At the same time, 59% of businesses in Malaysia agreed that they were unprepared for the security requirements that were driven by the sudden need for secure remote working caused by COVID-19.
“COVID-19 compelled companies to refresh their cybersecurity strategies, yet the transformational shift to remote working also exposed additional weaknesses. Businesses have transformed their workplace environments, undergone an accelerated period of digitisation, yet continue to confront systemic cybersecurity issues, including executive apathy, low budgets and a lack of skilled cybersecurity professionals.
“Despite improvements made, progress remains slow, reinforcing our belief that cybersecurity is never ‘finished’ and requires a constant focus, both from technological and cultural viewpoints,” said Trevor Clarke.