Cyberattacks increase While Stagnant Budgets and Apathetic Leadership Remain Major Cybersecurity Barriers in Asia Pacific and Japan

Sophos Press Release

Sophos study of 900 business decision makers across Asia Pacific and Japan indicates COVID-19 accelerated period of digitisation and was a catalyst for improving cybersecurity, but systemic security issues persist

Japan – 29 March, 2021 – Sophos, a global leader in next-generation cybersecurity, today announced the findings of the second edition of its survey report, The Future of Cybersecurity in Asia Pacific and Japan, in collaboration with Tech Research Asia (TRA). The study reveals that despite cyberattacks increasing, cybersecurity budgets have remained stagnant and executive teams continue to underestimate the level of damage threats can do to organisations.   

Attacks rise, budgets stay the same

Nearly 70 percent of Asia Pacific organisations surveyed suffered a data breach in 2020, an increase of 36 percent from 2019. Of these successful breaches, 55 percent of companies rated the loss of data as either “very serious” (24 percent) or “serious” (31 percent). Nearly 17 percent of organisations surveyed suffered 50 attacks, per week.

While attacks are increasing in frequency and severity, cybersecurity budgets remained largely unchanged as a percentage of revenue between 2019 and 2021. At the same time, 59 percent of businesses stated that their cybersecurity budget is below where it needs to be, the same percentage it was in 2019.

“Ultimately, security is about right sizing the risk. If the risk increases, budgets should also increase, but in this climate of uncertainty, we’ve seen organisations take a conservative approach to security spending, which is impacting their ability to stay ahead of cybercriminals,” said Trevor Clarke, lead analyst and director at Tech Research Asia.    

The top frustrations of Asia Pacific and Japan companies reflect boardroom indifference 

Across Asia Pacific and Japan (APJ), the number one frustration identified by companies is that executives assume cybersecurity is easy and that cybersecurity threats and issues are exaggerated. A lack of budget ranked second, followed by the struggle to fill cybersecurity roles.

“Our research highlights a disturbing attitude that needs to be tackled head on – executive teams claiming that cybersecurity incidents are exaggerated. It is confounding that this attitude prevails even when the end of 2020 showed us just how bad a global supply-chain attack could be. If that wasn’t enough, the more recent zero-day vulnerabilities in widely deployed email platforms demonstrates the desperate need for unification when it comes to cyber resilience. Everybody needs to play a part. And to play a part, we all need to understand the risk,” said Aaron Bugal, global solutions engineer, Sophos.    

The industry skills shortage continues to create challenges

There has been nominal improvement on the cybersecurity skills gap issue in 2021. Nearly 60 percent of businesses agree that their company’s lack of cybersecurity skills is challenging for their organisation, compared to 62 percent in 2019.

A lack of suitable staff and budget constraints continue to hinder organisations from obtaining the skills they require in-house. More than 60 percent of companies struggle to recruit candidates with the necessary skills, which is only a five percent improvement from 67 percent in 2019.

COVID-19’s impact on remote working accelerated transformation, but exposed vulnerabilities   

COVID-19 had a positive impact on cybersecurity, with 69 percent of companies agreeing that the outbreak of COVID-19 was the strongest catalyst for upgrading cybersecurity strategy and tools in the past 12 months.

At the same time, just over half of organisations indicated they were unprepared for the security requirements driven by the sudden need for secure remote working at the onset of the pandemic.

“COVID-19 compelled companies to refresh their cybersecurity strategies, yet the transformational shift to remote working also exposed additional weaknesses. Businesses have transformed their workplace environments, undergone an accelerated period of digitisation, yet continue to confront systemic cybersecurity issues, including executive apathy, low budgets and a lack of skilled cybersecurity professionals.

“Despite improvements made, progress remains slow, reinforcing our belief that cybersecurity is never ‘finished’ and requires a constant focus, both from technological and cultural viewpoints,” said Trevor Clarke.

Acerca de Sophos

Sophos, líder mundial en ciberseguridad next-gen, protege a más de 400 000 empresas de todos los tamaños en más de 150 países de las ciberamenazas más avanzadas de la actualidad. Gracias al respaldo de SophosLabs, un equipo global de ciencia de datos e información sobre amenazas, las soluciones con IA y nativas en la nube de Sophos protegen endpoints (portátiles, servidores y dispositivos móviles) y redes contra las técnicas de ciberataque en evolución, como el ransomware, el malware, los exploits, la exfiltración de datos, las intrusiones de adversarios activos y el phishing, entre otras. Sophos Central, una plataforma de administración nativa en la nube, integra todo el catálogo de productos next-gen de Sophos, incluidos la solución para endpoints Intercept X y el firewall next-gen XG, en un único sistema de “Seguridad Sincronizada” accesible a través de una serie de API. Sophos ha estado impulsando una transición a la ciberseguridad next-gen, aprovechando las capacidades avanzadas de la nube, el Machine Learning, las API, la automatización y la respuesta administrada a las amenazas, entre otras, a fin de ofrecer una protección de nivel empresarial a empresas de todos los tamaños. Sophos vende sus productos y servicios exclusivamente a través de un canal global de más de 53 000 partners y proveedores de servicios administrados (MSP). Asimismo, Sophos pone a disposición de los usuarios particulares sus innovadoras tecnologías comerciales a través de Sophos Home. La empresa tiene su sede en Oxford, Reino Unido. Encontrará más información en es.sophos.com