More than half (57%) of Asia-Pacific businesses are unsure if their cyber security defenses are strong enough to combat hackers’ new strategies, an EY Global Information Security Survey (GISS) found.
At the same time, the cyber spend of Asia-Pacific businesses remains low at just 0.05% of their annual revenue, on par with the global average of 0.04%.
The low allocation of budget to counter cybersecurity risk is surprising, given that almost three in four (73%) Asia-Pacific companies warn of an increase in the number of disruptive attacks, such as ransomware, over the last 12 months (compared to 47% in last year’s GISS).
“Businesses are planning a new wave of technology investments to thrive in the post-COVID-19 era. If cybersecurity is left out of investment discussions, the threat will continue to grow in the years to come. They should consider sharing the cost of cybersecurity across the business to support transformation,” warned Richard Watson, EY Asia-Pacific Cyber Leader.
The essential relationships between cybersecurity leaders in Asia-Pacific and other functions in the business lack positivity and strength, EY emphasised.
Almost 80% of respondents in the region say cyber security teams are not always consulted or briefed in a timely manner until after the planning stage has finished, slightly higher than the global average of 76%.
“CISOs must make difficult decisions, realigning cybersecurity requirements to better meet changing business needs after the COVID-19 pandemic. Mapping cyber security strategy and their organisation’s risk profile against business and IT goals will ensure alignment and cement strategic relationships between CISOs, CEOs and the rest of the C-suite,” added Watson.
