Some 56% of Asia-Pacific businesses admit to sidestepping digital processes to accommodate remote or flexible work arrangements. This despite 48% expressing increased concern about their company's ability to manage security threats.
The latter figure was higher than their counterparts in the Americas, 41% of whom were similarly more concerned than before about their organisation's ability to mitigate cyber threats, revealed EY's 2021 Global Information Security Survey. Conducted in March and May this year, the study polled 1,010 respondents worldwide, with 20% from Asia-Pacific, 36% in the Americas, and the remaining 43% from Europe, Middle East, India, and Africa (EMEIA).
Just 20% in Asia-Pacific said the cybersecurity teams were part of the planning stage of any digital transformation initiative, the study found. Respondents further noted that while business managers recognised cybersecurity team's strengths in traditional areas, such as controlling risk, they did not always regard it as a strategic partner.
In fact, 71% of cybersecurity leaders described their relationships with business owners as neutral or negative. Some 44% said their engagements with marketing and HR departments were poor.
Despite the emergence of sophisticated cyber attacks, the EY report noted that 57% of organisations in the region were uncertain if their cybersecurity defences were sufficiently robust to combat new hacking tactics.
Some 73% cited an increase of disruptive attacks such as ransomware over the past year, up significantly from 47% in the 2020 report.
Another 47% warned that their company's cybersecurity budget was inadequate to mitigate challenges that had surfaced in the last 12 months. In fact, 41% were anticipating a major breach that they might be able to avoid if they had better investment in cybersecurity, compared to 29% in the Americas.
The report revealed that Asia-Pacific respondents allocated 0.05% of their annual revenue to cybersecurity, which was similar to the global average of 0.04%.
EY's Asia-Pacific cyber leader Richard Watson said: "Businesses are planning a new wave of technology investments to thrive in the post-COVID-19 era. If cybersecurity is left out of investment discussions, the threat will continue to grow in the years to come. They should consider sharing the cost of cybersecurity across the business to support transformation."
EY's Asean cybersecurity lead Steve Lam added that businesses were realising "stop-gap technology solutions" rolled out in the early days of lockdowns were inadequate to securely support the new normal around work.
With some parts of Southeast Asia still in lockdown, Lam said such challenges for CISOs (chief information security officers) in the region were further compounded by the shortage and high turnover rates for cybersecurity skills local markets. If these executives were able to plug the talent gaps, he noted that CISOs could tap their company's ongoing business and technology transformation in response to the pandemic and drive improvements in the organisation's cybersecurity posture.
Watson said: "CISOs must make difficult decisions, realigning cybersecurity requirements to better meet changing business needs after the COVID-19 pandemic. Mapping cybersecurity strategy and their organisation's risk profile against business and IT goals will ensure alignment and cement strategic relationships between CISOs, CEOs, and the rest of the C-suite."
"At a time of greater distrust and with the cyber function being under more scrutiny than ever, CISOs have an opportunity to better demonstrate the strategic importance of their role and raise their profiles within the business, especially in the aftermath of the pandemic," he added.
Remote arrangements accelerate education security risks
In a separate note published Thursday, Check Point Software Technologies revealed that cyber attacks against the Southeast Asian education and research sector climbed 28% in July 2021 to an average of 1,739 attacks a week, compared to the first half of 2021.
Globally, this increase clocked in at 29% for the sector, with India the top-most targeted country, followed by Italy, Israel, Australia, and Turkey. India's education and research sector saw an average of 5,196 weekly attacks per organisation, up 22% from the first half of the year.
Sector-wise, South Asia also was the most targeted region, followed by East Asia and Australia/New Zealand, according to Check Point.
The security vendor's Asean and Korea regional director Teong Eng Guan noted: "The education sector in Southeast Asia was attacked significantly more compared to other industries in the month of July. Schools, universities, and research centers make for attractive targets to cybercriminals because they are often under resourced from a security perspective.
"The short-notice, on-and-off shift to remote learning exacerbates the security risk," Teong said. "With so many students logging on from their home networks using their personal devices, the current school season presents a range of new security threats that many aren't prepared to address. Organisations in the education sector should be proactive in their protection strategies. It's important to constantly change and strengthen your passwords and use technologies that prevent cyberattacks, such as ransomware."
- Regulations against ransomware payment not ideal solution
- Remote work readiness gives Singapore firms cybersecurity anxiety
- Global pandemic opening up can of security worms
- Lack of cloud expertise, controls leave APAC firms vulnerable in remote work
- APAC firms face growing cyberattacks, take more than a week to remediate
- APAC employees not fully secure to work from home
- Remote workers in Singapore aware of security rules, but still break them anyway
- US pipeline ransomware attack serves as fair warning to persistent corporate inertia over security