Sophos announced the findings of the second edition of its survey report, The Future of Cybersecurity in Asia Pacific and Japan, in collaboration with Tech Research Asia (TRA). The study reveals that despite cyberattacks increasing, cybersecurity budgets have remained stagnant and executive teams continue to underestimate the level of damage threats can do to organisations.
Insignificant rise in budgets, despite significant rise in attacks
In India, despite having the highest percentage of companies with an independent security budget, 52 per cent of organisations say they fell victim to a successful cybersecurity attack in the last 12 months. Of these successful breaches, 71 per cent of organisations admitted it was a serious or very serious attack, and 65 per cent said it took longer than a week to remediate.
While attacks are increasing in frequency and severity, cybersecurity budgets remained largely unchanged as a percentage of revenue between 2019 and 2021. At the same time, India reported the highest percentage of companies that have an independent security budget. Furthermore, they expect a rise in the median percentage of technology budgets spent on cybersecurity from 9 percent today to 10 percent in the next 24 months.
Adding his thoughts, Sunil Sharma, managing director – sales, Sophos India and SAARC, said, “Cyberbreaches are a reality that we cannot afford to ignore. Within an organisation, there will always be multiple threats that can exploit various vulnerabilities and launch full blown cyberattacks. The only way to stop these threats is to actively hunt for them and neutralize them. This makes threat hunting an important function to mitigate the damage caused by cyberattacks. Hence, there is a strong need for increased cybersecurity budgets to include threat hunting in house or outsourced services like managed detection and response (MDR). Our findings show there is budget allocated for cybersecurity in India, but it isn’t enough. Indian organisations need to view cybersecurity as a value to the business and increase their budgets accordingly.”
Overall, 44 per cent of Asia Pacific and Japan (APJ) organisations surveyed suffered a data breach in 2020, up from 32 per cent in 2019. Of these successful breaches, 55 per cent of companies rated the loss of data as either “very serious” (24 per cent) or “serious” (31 per cent). Seventeen per cent of organisations surveyed suffered at least 50 attacks, per week. As cyberattacks continue to rise, the report found that malware, AI/ML-driven attacks and nation state attacks will be the most serious threats to enterprise cybersecurity over the next 24 months.
“Ultimately, security is about right sizing the risk. If the risk increases, budgets should also increase, but in this climate of uncertainty, we’ve seen organisations take a conservative approach to security spending, which is impacting their ability to stay ahead of cybercriminals,” said Trevor Clarke, lead analyst and director at Tech Research Asia.