About 84% of IT decision makers polled last year planned to increase cybersecurity budgets for the next three years.

After witnessing organizations and enterprises succumbing to major data breaches for the past years, companies in Southeast Asia (SEA) have tagged data protection as a top priority when it comes to challenges related to IT security.

Among the other urgent cybersecurity issues identified in the SEA region are keeping relationships with partners and customers in the age of digitalization, and ensuring that staff comply with security policies and regulatory requirements.

Security issues related to cloud infrastructure adoption and the cost of securing increasingly complex technology environments have also been considered as stumbling blocks for some businesses.

This and more findings were uncovered by the annual Kaspersky Global Corporate IT Security Risks Survey which interviewed nearly 300 IT business decision-makers in SEA last year.

Interesting statistics

One key finding of the report was that companies fear data loss and being exposed to a targeted attack the most (34%), followed by electronic leakage of data from internal systems (31%).

Another 22% of the survey respondents admitted their distress towards the possibility of surveillance or espionage by competitors. Moreover, 20% of firms in the region also admitted that they were worried about identifying and remedying vulnerabilities in IT systems they use.

Incidents affecting IT infrastructure hosted by a third party, and inappropriate IT resource use by employees are both critical concerns for some 18% of companies in the region.

Comments Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky: “The past few years have shown and proved the ugly and costly aftermaths of a successful cyberattack. From the US$81M heist against a central bank to a data breach leaking names of HIV cases, our past offers timeless lessons on cybersecurity which organizations and businesses in all shapes and sizes should definitely learn from.”

Tiong said it is encouraging that local companies are starting to prioritize IT security. In fact, research showed that, on average, businesses in the region are currently spending US$14.4m to build their cybersecurity capabilities. And 84% of the professionals surveyed also confirmed plans to increase the budget for this area in the next three years, which is really important in this era where networks are becoming more advanced and complex, “thanks to breakthrough technologies like Internet of Things, 5G, and the rapid adoption of Industry 4.0,” he added.

Almost 50% of the respondents cited increased complexity of IT infrastructure as a factor for expected budget markups. Companies surveyed also noted that the increment aims to improve the level of specialist security expertise (46%) and is due to new business activities or expansion (39%).

To help companies in their budgeting process and in making the most out of their security investments, businesses are recommended by Kaspersky to:

  • Assess your company’s cybersecurity risks when planning your budget. Consider the cost to the company and the probability of their occurrence.
  • Rely on expertise. Decisions about the purchasing of cybersecurity tools or services should not be taken by one person. Before this stage, expert analysis should be made that reveals the best option for the best price.
  • Involve higher management in cybersecurity matters, including budgets; and make sure to speak to them in their language. Do not tell them how cybersecurity works, but show them the business risks and the amount of money they can lose by not improving cybersecurity.
  • Use a free tool by Kaspersky to check your buget benchmark. Enter your company’s region, size and industry to see the average budget for similar companies to yours.
  • Start with a sturdy foundation, a dedicated endpoint product that demands minimum management allowing employees to do their main job but protects from malware, ransomware, account takeover, online fraud and scams.
  • Further build your cybersecurity capability with security solutions and services founded with in-depth threat intelligence.