According to Cisco’s inaugural Cybersecurity Readiness Index, only 23% of Southeast Asian organisations have reached the Mature level of readiness necessary to defend against modern cybersecurity risks. The index was developed with the post-COVID, hybrid world in mind, emphasizing the need to secure users and data wherever work is done.
The report indicates that organisations must adapt to the hybrid world where employees use multiple devices, access applications on the go, and produce large amounts of data, all of which present new cybersecurity challenges.
The index measures five core pillars for maintaining cybersecurity resilience: identity, devices, network, application workloads, and data.
The study surveyed 6,700 cybersecurity leaders from 27 markets, including six Southeast Asian countries. Companies were classified into four stages of readiness: Beginner (overall score lesser than 10), Formative (11-44), Progressive (45-75), and Mature (76 and above).
In Southeast Asia, 44% of companies were found to be in the Beginner or Formative stages, performing below average on cybersecurity readiness. Globally, 15% of companies are at a Mature stage.
The readiness gap is concerning, as 90% of respondents anticipate a cybersecurity incident to disrupt their business within the next two years. Additionally, 64% of respondents experienced a cybersecurity incident in the past year, with 45% of those affected reporting costs of at least US$500,000.
“Security resilience is non-negotiable today as organisations operate in a hybrid, always-on world. Organisations must take notable steps to close the security readiness gap as the threat landscape evolves and expands. While companies in ASEAN are doing better than their global counterparts on their levels of security preparedness, more needs to be done,” remarked Bee Kheng Tay, President for ASEAN, Cisco.
To create secure and resilient organisations, business executives must set up a foundation of readiness that would work across the pillars. Given that 90% of respondents intend to boost their security budgets by at least 10% over the following 12 months, this requirement is particularly very much needed. Organisations can enhance existing strengths and focus on the areas where they need to become more mature and stronger.
Juan Huat Koo, Cybersecurity Lead, ASEAN, Cisco, advises adopting an integrated platform approach to security, including a zero-trust strategy and end-to-end visibility, to help organisations achieve security resilience while reducing complexity in a hybrid world.
As for readiness across the pillars, the survey reported that a mere 25% of organisations have achieved Mature status in the category of identity. As for ‘devices’, although 39% of companies reached the Mature stage, the highest among the pillars, nearly half (47%) still fall within the Beginner or Formative stages.
Network Security: With 45% of organizations in the Beginner or Formative stages for ‘network security’, there is considerable room for improvement in network security. The ‘application workload’ pillar reveals the lowest preparedness, as 54% of organisations remain in the Beginner or Formative stages. Finally, while over half (57%) of companies have reached the Mature or Progressive stage, there is still progress to be made in the ‘data’ pillar, with 16% in the Beginner category.
