Key APAC findings

• Leaders prioritize more staff training and investment in commercial security controls to overcome the cybersecurity talent crunch (47% of respondents cited these two initiatives as the alternatives to hiring)
• Fewer companies are integrating automation and analytic tools into their cybersecurity capabilities (35% in APAC vs 45% in North America). This is possibly due to the complexity of data and the difficulty in integrating disparate tools.
• Singapore: Just 27% of companies will increase spending significantly over the next 12-24 months (vs 59% for rest of the world)
• Australia/New Zealand: Ransomware is a top focus for only 19% of IT leaders (vs 29% in Asia Pacific). This is possibly due to better ransomware insurance rates.
• India: 42% of organizations report being overwhelmed by the number of attacks (part of the problem is the complexity of their tool ecosystems). Some 59% have reported breaches in the past two years (vs 45% in Asia Pacific).

The global state

Globally, the report has also found that:

• Bad actors are going unnoticed on corporate networks for extended periods of time. On average respondents report over two months (2.24) go by from when a bad actor gains access to when appropriate parties are aware of it.
• The mean number of outages an organisation faces is ~22 per year. The costs of this downtime consumes roughly 2.7% of annual revenue. According to Splunk’s recent Resilience Pays Off global research report, this downtime can cost organisations roughly $365,000 per hour.
• Security incidents are an existential threat. Over a third (39%) of the respondents say cybersecurity incidents have directly harmed their competitive position. In addition, 31% say cybersecurity incidents have reduced shareholder value.

While enterprises face major cybersecurity obstacles, many organizations are taking steps to address these challenges:

• Security teams are spending more
  95% of the respondents say their security budgets will increase over the next two years, with 56% saying their budgets are increasing “significantly.”
• Cybersecurity is a team sport
  81% of organizations say they are converging aspects of their security and IT operations together. Respondents believe that this convergence will help with the overall visibility of risks in their environment (58%) and that they will see improved cooperation in threat identification and response processes (55%).
• Organizations focus on protecting their supply chain
  95% of respondents say they have increased their focus on third-party risk assessments.
• Data is the answer
  91% of respondents agree that better capture and analysis of detection data is one of the most effective tools to prevent successful ransomware attacks.