• 23 percent of organizations in Asia Pacific experienced a downtime of 24 hours or more after their most severe cybersecurity breach compared to just 4 percent globally
  • 23 percent of companies saw a financial impact of 2.5 million dollars or more from their most significant breach in the past year

Singapore, October 1, 2019 — Organizations in Asia Pacific are facing longer downtimes and higher financial costs from cybersecurity breaches, compared to the global average, according to Cisco’s 2019 Asia Pacific CISO Benchmark Study, released today.

According to the study, 23 percent of companies in Asia Pacific experienced a downtime of 24 hours or more after their most severe breach in the past one year, compared to just 4 percent globally. The Asia Pacific number is a dramatic increase from 2018, when 9 percent of organizations in the region suffered downtime of 24 hours or more.

Longer downtimes often result in higher financial costs. This was evident across the region as 23 percent of companies said their most significant breach in the past year cost them 2.5 million dollars or more, compared to 15 percent globally.

The study, based on close to 2,000 security professionals from across the region, highlights that security practitioners in Asia Pacific are being kept busier than their global counterparts. Globally, 35 percent of respondents reported receiving more than 10,000 threat alerts a day. In Asia Pacific, that figure is 46 percent.

With the number of cyber threats increasing rapidly, the real challenge lies in what comes after the alert is received. How many of the alerts are investigated, and how many of those found to be genuine are eventually remediated.

There has been a decline on those fronts. According to the study, companies in Asia Pacific investigated 44 percent of the threats (down from 56 percent in 2018). Of the threats that were investigated and found to be genuine, only 38 percent were remediated (down from 53 percent in 2018).

Stephen Dane, Managing Director of Cybersecurity, Asia Pacific, Japan and Greater China, Cisco, said: “As digital maturity and adoption increases across the Asia Pacific region, we will see more users and devices come online. While this means greater opportunity for businesses, it also means that the attack surface will increase exponentially, exposing businesses to more threats and cyber risks. Security can no longer be an afterthought; it needs to be the underlying foundation behind the success of any digitalization effort.”

Cyberattacks are evolving rapidly. Hackers are no longer just targeting IT infrastructure, but have started to attack operational infrastructure, intensifying the challenge for companies. In Asia Pacific, 25 percent of respondents have already experienced an attack on their operational infrastructure (versus 21 percent globally), and 73 percent expect this trend to increase in the next year (versus 64 percent globally).

The study also highlights that the use of multiple vendors is adding to the complexity for security professionals. According to the study, 41 percent of companies in Asia Pacific are using more than 10 vendors, compared to 39 percent globally, and 6 percent are using more than 50 vendors, compared to 3 percent globally.

When asked how challenging it is to manage a multi-vendor environment, 88 percent said it was somewhat or very challenging to orchestrate multiple vendor alerts. This is in line with the global trend, with 79 percent of respondents across the world highlighting this as an issue.

“Complexity due to a multi-vendor environment and the increased sophistication of businesses with OT networks and multi-cloud adoption continue to challenge security practitioners in Asia Pacific. As organizations look to reduce the impact of a cybersecurity breach, they need a simplified and systematic approach to security in which solutions act as a team, and learn, listen and respond as a coordinated unit,” said Stephen Dane.

“One way for organizations to simplify security is by considering a Zero Trust approach which looks at security in three key areas—workforce, workload and workplace. Doing so enables organizations to protect users and their devices against stolen credentials, phishing and other identity-based attacks, manage multi-cloud environments and contain lateral movement across the network,” added Jeff Reed, Senior Vice President, Product, Security Business Group, Cisco.

Other key regional trends that emerged from the study include:

  • The top three barriers for adopting advanced security technologies in Asia Pacific are budget constraints (35 percent), lack of trained personnel (29 percent) and lack of knowledge about advanced security processes and technology (29 percent).


Supporting resources

Read the report here: https://cisco.com/sg/2019benchmarkreport