"Education plays a role. So I would say that it's key that organisations focus on developing curriculums, education curriculums and educate each user on their role, what cybersecurity means and what's the expected behaviour from them," he said.
In addition, Ashjari noted that companies need to hold their security team accountable on measurable key performance indicators (KPIs) of their services, such as how fast they can respond to cyber threats and how well they provide protection.
He added that IT vendors must be accountable in driving outcomes from the solution they provide to the company to avoid extra spending on same kind of technologies.
Sign up for CIO Asia eNewsletters.