36% of APJC organizations reported successfully navigating current cybersecurity challenges in today’s remote-first world with software and cloud-first strategies. According to Cisco’s 2021 Security Outcomes Study for APJC, organizations that regularly update their technology were the most likely to report successful security programs.
The global study, which is based on a double-blind, independently analyzed survey, includes 2,110 cybersecurity, IT and privacy professionals across 13 markets in APJC. The results offer specific actions that cybersecurity professionals can take for greater success and help businesses decide where to focus their security efforts this year.
On average APJC organizations that have a proactive, tech refresh strategy are 15% more likely to report overall security success – the highest of any practice. This is most significant in China, where organizations doing this are 31% more likely to report successful security programs, followed by Thailand (30%), Australia (23%) and Japan (20%).
However, not all organizations have the budget or expertise to make this happen, also known as the “Security Bottom Line”. A strategy to migrate to cloud and SaaS security solutions can help close this gap.
The study further finds that APJC cybersecurity programs struggle the most with obtaining peer buy-in, with one-third (33%) of organizations reporting successfully achieving it. This is followed by minimizing unplanned work (34% success); retaining security talent (36% success); managing top risks (37% success), and avoiding major incidents and creating security culture (both 38% success).
Other key findings in APJC from the report include:
- A well-integrated technology stack is the second most important factor for cybersecurity success. It has a positive impact on nearly every outcome evaluated, increasing the probability of overall success by an average of 7%. Interestingly, integrations also benefit the recruitment and retention of talent, as security teams want to work with the best technology and avoid burnout.
- Integration is also the most significant factor in establishing a security culture that the entire organization embraces. Instead of traditional security training programs, which do not correlate with a positive culture, investment in technology that is flexible and frictionless is shown to have a greater impact on overall security.
- As a standalone practice, IT and security “working together” appears to correlate the least with overall success. This seems surprising but may point to security being a part of many CIO’s IT organizations, implying cooperation is built-in and does not need extra management or measurement. It’s also possible that organizations view large IT projects such as Zero Trust or SASE/SD-WAN implementations as security-led and owned. In most cases, these efforts are cross-domain with IT and security collaboration essential.
“This report highlights how security, rather than something that happens at the back-end, is now becoming critical to a business operations and management. With more people and devices connected digitally than ever before and the threat landscape become more extensive and complex, businesses must consider data privacy and security as top priorities to accelerate growth in the next normal,” said Vishak Raman, Director, Security Business, Cisco India & SAARC
The APJC markets included in Cisco’s 2021 Security Outcomes Study are Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam.
To learn more, visit cisco.com/go/