An Asia Pacific Lens on the Latest CISO Benchmark Study
Managing Director, Global Security Sales Organization, Asia Pacific, Japan and Greater China
Technology, Thought Leadership, Digitization, Security
Cisco recently released the fifth edition of our CISO Benchmark Study which surveyed over 3,000 security leaders across 18 countries on the state of the CISO. With more data, more devices, and more applications, businesses and governments have more to protect. IT teams today are tasked with driving digital transformation and innovation, while managing security risks. They also face having limited resources to help navigate a fast-moving and complex threat landscape, which can seem overwhelming.
One key change that I’ve observed over the past few years is how cybersecurity is today recognized and accepted as mission critical to organizations’ ability to transform themselves and compete in the market. However, the cybersecurity landscape is constantly evolving.
Here are three key trends that stood out among the Asia Pacific respondents from our latest CISO Benchmark Study.
Businesses are slowly starting to gain more control and balance risks when hit by a breach
The Asia Pacific results of the CISO Benchmark study showed that the cost of a cyber breach is trending higher in Asia Pacific where 16 percent of companies are incurring financial impact of more than US$5 million from a cyber breach, double that of the global average.
However, the results of the study also showed that 39 percent of companies in Asia Pacific were able to contain the cost of a cyber breach to below US$500,000. This compares to 33 percent in 2018, so a greater number of companies are experiencing breach costs in the lower categories. While the survey did not ask respondents for specific reasons behind an increase or decrease in costs, the results highlight that businesses are starting to gain more control and balance risks when hit by a breach.
Security professionals are changing the way they measure their success
Many respondents are moving toward remediation as a key indicator of security effectiveness, compared to time to detect. 48 percent of respondents in Asia Pacific cited this, compared to 36 percent in 2018, in line with the worldwide results.
This is starting to reflect how quickly companies are recovering from a breach. The study highlighted that only 4 percent of companies saw an outage that lasted more than 24 hours.
Studies have shown that the faster a company can remediate a cyber breach, the lower the financial impact. A study released by management consulting firm A.T. Kearney in 2018 estimated that an almost instant detection of a cybersecurity breach within a large enterprise costs the business US$433,000. If detection is delayed by more than a week, the figure triples to an average of US$1,204,000.
By moving toward time to remediate as a key indicator of security effectiveness, companies in Asia Pacific are demonstrating more maturity and a more holistic understanding of tackling security that goes beyond just detecting and patching a threat. It also indicates that automation tools such as our Cisco Threat Response is making it easier for security professionals to detect and respond to a threat and can therefore focus their efforts on remediation.
Security solutions need to be integrated and work together to defend against potential attacks
One of the big challenges that companies have faced has been around the difficulty in orchestrating alerts across multiple vendors and solutions in their security environment. This is an acute problem in Asia Pacific with 17 percent of respondents saying they have more than 20 vendors in their environment, higher than the global average of 14 percent. Fifty-four percent of respondents in Asia Pacific cited having fewer than 10 vendors, lower than the global average of 63 percent.
This is clearly having an impact on the security preparedness as a staggering 93 percent of respondents in Asia Pacific said it was somewhat or very challenging to orchestrate cybersecurity alerts from multiple vendor products. The results are higher than the global average of 79 percent.
What we’ve observed is that companies have traditionally adopted a best of breed approach when it comes to building their security capabilities. While this may help patch individual vulnerabilities, it creates a bigger issue as having more point solutions that don’t work together increases their security effectiveness gap.
We are seeing a trend toward vendor consolidation but also recognize that there are many control points in the security ecosystem and the attack surface continues getting bigger.
It is therefore crucial to remember that cyber criminals are constantly working together and are relentless in their pursuits of hacking networks and inflicting damage on their targets. Defenders need to take a similar approach by collaborating more, sharing intelligence and ensuring they stay a step ahead of the attackers. The first step in that direction is to have a strategic approach to building a comprehensive security environment and ensuring that the solutions are integrated and can work together to defend against potential attacks.
To find out more about how the state of CISOs in the Asia Pacific region compares against CISOs globally, watch this short interview below where I deep dive into some of the results with Ben Munroe. You can also read the global report here.