APAC firms rethink cybersecurity strategies amid confidence gap
New research has revealed a disconnect between security executives in the Asia Pacific (APAC) region and their customers regarding the effectiveness of cybersecurity defences. This dissonance has prompted many firms to reconsider their cybersecurity strategies. The findings were published in LogRhythm’s 2024 State of the Security Team Research Report.
The report, which surveyed 1,176 cybersecurity professionals and executives globally, included respondents from countries such as Singapore, Malaysia, Indonesia, Japan, India, Australia, and New Zealand. It highlighted that while 85% of security executives in the APAC region rated their cybersecurity defences as good or excellent, 46% of companies had faced issues with customer confidence. In response, over 90% of these companies have adjusted their cybersecurity strategies, with 72% citing that the loss of customer confidence occurred within the last 18 months.
Artificial intelligence (AI) was cited as a primary driver for changes in cybersecurity strategies, with 77% of respondents highlighting its role in threat management and the development of new security solutions. This trend was especially prominent in Indonesia, where AI is utilised by 86% of respondents, marking the highest adherence in the APAC region. Other factors influencing changes include compliance requirements (66%) and new attack types (58%).
The report underscored a growing expectation for senior leaders to take on more responsibility for cybersecurity breaches. A substantial 80% of respondents stated that cybersecurity leaders and CEOs should bear the primary responsibility for protecting against and responding to cyber incidents. This sentiment was especially strong in Japan, with 96% of respondents supporting this view.
Despite the increased responsibility placed on executives, a communication gap persists between security teams and non-security executives. While 90% of APAC cybersecurity teams believe they have the necessary tools to communicate the current security status to stakeholders effectively, 59% face challenges in conveying the importance of specific security measures to non-technical executives. Additionally, only 61% of non-security executives understand their company’s regulatory obligations.
Cybersecurity budgets in APAC have risen in response to the changing threat landscape. According to the report, 84% of respondents noted an increase in their company’s cybersecurity budget, exceeding the global average of 76%. Furthermore, 84% of respondents expressed confidence in having the necessary resources—such as tools, personnel, expertise, and budget—to protect their companies from cyberattacks.
However, many security teams face challenges in demonstrating the impact of these investments. Reports tend to focus on critical data like breaches (75%), incidents (68%), and security risks (67%), with less emphasis on operational metrics like time to detect (57%), time to respond (63%), and time to recover (47%). Moreover, a significant number of security teams still rely on manual approaches for sharing security status information, including static reports (84%), meetings (76%), and emails (67%).
Andrew Hollister, Chief Information Security Officer at LogRhythm, emphasised the need for a collaborative approach between senior executives and security professionals. “Today’s threat environment demands that senior executives work hand-in-hand with security teams to understand the risks, make strategic decisions, and allocate resources effectively,” he said.
Yen Nee Si, Country Manager for Asia at LogRhythm, highlighted the challenges that APAC security teams continue to face. “Despite increasing budgets, communication gaps and the lack of metrics to measure the impact of cybersecurity investments remain significant challenges,” she noted. Si suggested that organisations could address these issues by fostering collaboration between security and non-security teams and leveraging automation technologies for reporting to facilitate real-time data sharing.