India,25th August 2023— Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today released a new study focused on cybersecurity in Asia Pacific. The report, called “Securing the Future: Asia Pacific Cybersecurity Readiness Survey,” shares the latest data on cybersecurity preparedness in the region, revealing how organizations are coping with rising volumes of cybersecurity incidents, their levels of preparedness, and the outcomes experienced. These new findings report that the majority of organizations are not prepared to handle cybersecurity attacks, despite the fact that attacks are on the rise.
Organizations Face Rising Volumes of Cybersecurity Incidents The study, which was conducted across over 4,000 cybersecurity decision-makers and leaders across Australia, China, Hong Kong SAR, India, Indonesia, Japan, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam, found that 78% of respondents experienced at least one cybersecurity incident in the past 12 months. Of those who experienced a cybersecurity incident, 80% reported four or more incidents. And, 50% experienced 10 or more cybersecurity incidents, with 72% forecasting an increase in the next 12 months.
Majority of Organizations Not Prepared to Respond to Attacks, Millions in Losses and Fines Despite the increasing frequency of cybersecurity incidents, only 38% consider themselves highly prepared, with those in Healthcare (16%), Education (13%), Government (10%), and Tourism (10%) reporting they are most likely unprepared to withstand an incident.
What’s more, about 63% of survey respondents reported that the financial impact of cybersecurity incidents on their organizations was at least US$1M over the past 12 months, with 14% suffering a loss of more than US$3M. Asia Pacific organizations were also concerned with regulatory action. 33% of respondents said their organization reported breaches to the relevant authorities, with 26% paying a fine, and the same number facing legal action.
The study also shows talent constraints are still prevalent in the region, with a lack of talent cited by 60% of respondents when discussing challenges to cybersecurity preparedness.
Businesses Contend with Different Forms of Online Attacks While Trying to Secure a Hybrid Workforce Survey respondents reported web attacks, phishing, Distributed Denial-of-Service (DDoS), insider threats, and stolen credentials as the cyberattacks they experienced in the past 12 months. Respondents also ranked planting spyware as the primary goal of cybercriminals, followed by financial gain, data exfiltration, and ransomware. Notably, the three most pressing challenges cybersecurity decision-makers and leaders face are: securing a hybrid workforce (51%); defending against cyberattacks (48%); and deploying Zero Trust (42%).
More Products Do Not Mean More Protection Most of the respondents surveyed currently have between six and 15 products in their cybersecurity architecture, while larger organizations have almost twice as many, with 20 or more. Juggling multiple solutions has somewhat negatively impacted effectiveness — hinting that organizations should be looking to simplify. In the study, only 39% of organizations with less than 15 solutions experienced 10 or more cybersecurity incidents. However, 73% of those with more than 15 solutions experienced the same. On the other hand, 80% of organizations with less than 15 solutions were able to resolve incidents in less than 12 hours, while only 65% of those with more than 15 solutions have done the same.
Most Organizations Expect to Increase Budget in the Next 12 Months In the past 12 months, 53% of survey respondents spent between 11% and 20% of their organization’s entire IT budget on cybersecurity, while another 28% of respondents spent more than 20% of their total IT budget. Healthcare, Transportation, and Finance were the industries that spent the most on cybersecurity, while Education, Gaming, Government, and Manufacturing spent the least. When it comes to future plans, 67% of all respondents expect their cybersecurity budgets to increase in the next 12 months, while 22% expect to maintain their current spend.
“While preparedness is key, organizations continue to grapple with a cybersecurity landscape that’s more volatile and complex than ever. Simply increasing spend or adding more products isn’t the answer for the best outcome either. It’s important to build a strong security culture that empowers business leaders to approach cybersecurity as a strategic imperative to every organization, including technological and cost consolidation, in order to get the double benefit of spending less while having a more robust and simpler-to-manage cybersecurity infrastructure,” said Jonathon Dixon, Vice-President and Managing Director, Asia Pacific, Japan and China at Cloudflare.
Today, some of Asia Pacific’s most sophisticated organizations turn to Cloudflare for their cybersecurity needs, including Envato, JCB, and Melbourne Airport. “We’re a cloud-native company with a global workforce. Our staff needs to access key company resources from wherever they are in the world. Cloudflare was a really good fit — a secure, effective, and simpler approach than traditional access controls,” said Ross Simpson, Senior Principal Security Engineer at Envato.
To find out more about the APAC Cybersecurity Study, please check out: ● Whitepaper download
Survey Methodology This survey was conducted by Sandpiper Communications, on behalf of Cloudflare across a total of 4,009 cyber security decision-makers and leaders from small (150 to 999 employees), medium (1,000 to 2500 employees), and large (more than 2,500 employees) organizations. Respondents were drawn from a wide range of industries: Business & Professional Services; Construction & Real Estate; Education; Energy, Utilities & Natural Resources; Financial Services; Gaming; Government; Healthcare; IT & Technology; Manufacturing; Media & Telecoms; Retail; Transportation; Travel, Tourism & Hospitality. Respondents were based in 14 markets across Asia Pacific: Australia, China, Hong Kong SAR, India, Indonesia, Japan, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam (n=203 to 426 per country), and were surveyed online and recruited via general business panels. The survey was aimed at building a better understanding of the threat landscape facing Chief Information Security Officers (CISOs) and their teams across the vast and varied territories of Asia Pacific, and the actions driving positive results and outcomes. The survey was conducted in July 2023.