Avatar

News Summary:

  • APJC organizations that proactively upgrade technology report more security success, highlighting the importance of software and cloud-first strategies
  • Implementing well-integrated security technologies is inextricably linked to attracting and retaining the best talent
  • Training alone is not the most effective way to establish a successful company-wide security culture

Thirty-six percent of Asia Pacific (APJC) organizations reported successfully navigating current cybersecurity challenges in today’s remote-first world with software and cloud-first strategies. According to Cisco’s 2021 Security Outcomes Study for APJC, organizations that regularly update their technology were the most likely to report successful security programs.

The global study, which is based on a double-blind, independently analyzed survey, includes 2,110 cybersecurity, IT and privacy professionals across 13 markets in APJC. The results offer specific actions that cybersecurity professionals can take for greater success and help businesses decide where to focus their security efforts this year.

On average APJC organizations that have a proactive, tech refresh strategy are 15% more likely to report overall security success – the highest of any practice. This is most significant in China, where organizations doing this are 31% more likely to report successful security programs, followed by Thailand (30%), Australia (23%) and Japan (20%).

However, not all organizations have the budget or expertise to make this happen, also known as the “Security Bottom Line”. A strategy to migrate to cloud and SaaS security solutions can help close this gap.

The study further finds that APJC cybersecurity programs struggle the most with obtaining peer buy-in, with one-third (33%) of organizations reporting successfully achieving it. This is followed by minimizing unplanned work (34% success); retaining security talent (36% success); managing top risks (37% success), and avoiding major incidents and creating security culture (both 38% success).

Other key findings in APJC from the report include:

  • A well-integrated technology stack is the second most important factor for cybersecurity success.  It has a positive impact on nearly every outcome evaluated, increasing the probability of overall success by an average of 7%. Interestingly, integrations also benefit the recruitment and retention of talent, as security teams want to work with the best technology and avoid burnout.
  • Integration is also the most significant factor in establishing a security culture that the entire organization embraces. Instead of traditional security training programs, which do not correlate with a positive culture, investment in technology that is flexible and frictionless is shown to have a greater impact on overall security.
  • As a standalone practice, IT and security “working together” appears to correlate the least with overall success.This seems surprising but may point to security being a part of many CIO’s IT organizations, implying cooperation is built-in and does not need extra management or measurement. It’s also possible that organizations view large IT projects such as Zero Trust or SASE/SD-WAN implementations as security-led and owned. In most cases, these efforts are cross-domain with IT and security collaboration essential.

“Cybersecurity professionals face mounting pressure to make fast, informed decisions to secure and support the rapidly accelerated ‘work from anywhere’ model while battling a cyber threat landscape that is constantly adapting to exploit cracks in the system, said Kerry Singleton, Managing Director, Cybersecurity, APJC, for Cisco.

“Realizing that most companies do not always have the resources to invest across improving practices or culture, hiring more professionals or adopting additional technology, this study offers a guide that helps to map key security decisions to the most impactful outcomes,” he added.

The APJC markets included in Cisco’s 2021 Security Outcomes Study are Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam.

To learn more, visit cisco.com/go/SecurityOutcomes. Join the conversation using #SecurityOutcomes.