Small and medium-sized businesses (SMBs) are the lifeblood of Asia Pacific’s economy. In line with cybersecurity awareness month in October, and as the pace of digitalization accelerates across the region, Cisco commissioned an independent study of over 3,700 cybersecurity leaders in Asia Pacific SMBs. We wanted to understand the evolving cybersecurity challenges, how leaders are approaching cyber preparedness, and recommendations for improving it.

The study, Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense, found 56% of SMBs in Asia Pacific suffered a cybersecurity incident in the past year. Of these, 51% said the incidents cost them over US$500K and significant loss of both reputation and customer trust.

The main reason cited as the cause of these incidents was inadequate cybersecurity solutions to detect or prevent the attack (39% ranked top factor). 33% ranked not having cybersecurity solutions as the #1 reason.

The good news is 81% of SMBs are building cyber-preparedness via attack scenario planning and simulations to help uncover weaknesses before hackers can exploit them. For SMBs who undertook simulations and found weaknesses, a stunning 95% found gaps in threat detection and blocking technology; too many poorly integrated technologies; and insufficient employee training.

I talk with customers about these issues frequently. Nothing offers hackers a better opportunity to infiltrate systems than gaps in a business’s infrastructure across multiple technologies. Historically, businesses have a tendency to bolt on new security solutions as required, but they often don’t integrate with the rest of the network and simply add another complexity.

SMBs have to close the loop. The best defense is a strong defense; which must start (and finish) with a security-first end-to-end platform solution offering full integration and visibility across the entire network and user base, especially with today’s hybrid workforce. From an infrastructure standpoint, end-to-end integration offers SMBs the best protection through rapid threat detection and blocking, complete transparency across the system and includes built-in security protocols to block, segment and remediate any cyber incident.

Similarly, ongoing education and training for all employees is a vital cog in the cybersecurity awareness wheel. The vast majority of attacks are malware sent via email or SMS so employees need to understand and remain vigilant to the threats, particularly in this new world of hybrid work where personal devices are sometimes used to connect to the network.

These deterrents to malicious actors are powerful because even if they can exploit a vulnerability, the visibility, detection and mitigation capabilities of integrated end-to-end security significantly limits their ability to profit from a breach. They may as well look elsewhere. And often they do.

Read the full report