The results of the second annual RSA Cybersecurity Poverty Index revealed that 74 percent organisations in the Asia Pacific & Japan (APJ) region face a significant risk of cyber incidents.
RSA - the security division of EMC - surveyed more than 200 respondents in the region to self-assess the maturity of their cybersecurity programmes by using the NIST Cybersecurity Framework (CSF) as the measuring stick.
The CSF outlined five key areas including Identity, Protect, Detect, Respond, and Recover. Respondents used a five-point scale to rate their own capabilities with one indicating the organisation had no capability in a given area, and five signifying it had highly mature practices in the area.
The research found that only 23 percent of polled organisations considered their cybersecurity strategy mature, while 70 percent said they had experienced cyber incidents that negatively impacted their business operations in the past year.
Additionally, organisations across the region delay their investment in cybersecurity until a major incident like on that impacts critical business assets. RSA noted the inability of companies to quantify their Cyber Risk Appetite - or the risks they face and its potential impacts in the organisation - makes it difficult to prioritise mitigation and investment.
The results of the index also underscored the urgency for small businesses to improve their cybersecurity strategies to better defend themselves against advanced threats.
However, it was found that majority of small businesses with less than 1,000 employees (85 percent) are not prepared for today's threats versus mid-sized companies with between 1,000-10,000 employees (61 percent), and large organisations with more than 10,000 employees (65 percent).
RSA said the wide gap in defence capabilities between large and small organisations open a risk for smaller businesses to become a prime target for today's threats.
"The results of this research provide insight into how the APJ region can improve its overall cybersecurity maturity. Over the next few years, we are bound to face more vulnerabilities as technology and internet penetration in the region is set to grow in parallel alongside sophisticated cyber threats. Especially so in Southeast Asia, which is now the world's fastest-growing Internet region globally, where the internet user base is expected to double to 480 million by 2020," said Nigel Ng, Vice President of RSA in APJ, in a press release.
The index found that strongest reported maturity levels of organisations in the region is in the area of protection while response and detection were ranked least. In essence, RSA said businesses must move beyond conventional and advance their approaches to cybersecurity.
"It is more important than ever for organisations of all sizes to acknowledge weaknesses, review their cybersecurity strategies and move beyond conventional approaches - like perimeter-based protection -- when thinking about security," explained Ng.
Sign up for CIO Asia eNewsletters.