Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Only 45 percent of APAC enterprises proactively conduct cyber risk assessments

Adrian M. Reodique | Feb. 7, 2017
But 80 percent of them are confident of their cyber resilience, according to LogRhythm-Frost & Sullivan study.

Majority of organisations (80 percent) in the Asia Pacific (APAC) region are confident that their corporate data has not been compromised, and 50 percent believe it will not be compromised within the next 12 months.

This is according to a survey commissioned by security intelligence company, LogRhythm, titled "Exploring Cyber Security Maturity in Asia: A study of Enterprise Corporate Executives, IT Executives & IT Practitioners' Perceptions towards Cyber Security Readiness in Asia Pacific".

The survey conducted by Frost & Sullivan polled 400 IT decision makers in Australia, Hong Kong, Malaysia, and Singapore to better understand the cyber resilience of organisations in the region and how they can adopt an integrated approach on cybersecurity.

It was found that even though organisations are confident of their cyber resilience, more than half of them (55 percent) do not conduct a risk assessment study or will only do so if there is a breach or a suspected breach.

"It is encouraging to hear that APAC enterprises are confident about their resilience against cyberthreats. However, these enterprises must ensure that their sense of confidence is not misplaced by proactively conducting cyber risk assessment within their organisation," said Bill Taylor-Mountford, Vice President APAC and Japan for LogRhythm, in a press release.

He added a risk assessment study can help organisations accurately understand their place in the security maturity model. "This is by far, the best way to measure an organisation's cyber resilience. The survey revealed that organisations in the region, are rather more complacent - performing risk assessment test only after a breach."

Meanwhile, companies indicated budgetary constraints and the lack of prior history experiencing a major breach as the main barriers to implement a 24/7 cyber threat system. Respondents are thus likely to outsource if the system becomes necessary, especially for companies in Hong Kong. Enterprises in Malaysia and Singapore prefer to manage it in-house.

"A passive stance and legacy threat detection software do not suffice if we want to win the war against cybercrime. To do this effectively, more enterprises need to shift from a reactive model focusing on perimeter defense tools to a holistic approach combining security intelligence, analytics and human expertise. This is therefore no longer a choice, but a necessity," advised Charles Lim, Industry Principal Analyst for Frost & Sullivan.


Sign up for CIO Asia eNewsletters.