APAC firms re-evaluate cybersecurity strategies amid customer confidence issues

Experts call for collaborative approach between senior executives and IT security teams

APAC firms re-evaluate cybersecurity strategies amid customer confidence issues

Cyber

By Roxanne Libatique

A new study by global IT security company LogRhythm has revealed a disconnect between security executives in the Asia-Pacific (APAC) region and their customers regarding the perceived effectiveness of cybersecurity measures.

LogRhythm’s 2024 State of the Security Team Research Report said this discrepancy has prompted numerous firms to re-evaluate their cybersecurity strategies.

The report, based on a survey of 1,176 cybersecurity professionals and executives globally, includes participants from Singapore, Malaysia, Indonesia, Japan, India, Australia, and New Zealand.

Confidence gap

Findings showed that 85% of APAC security executives rate their cybersecurity defences as good or excellent, yet 46% of companies have experienced customer confidence issues.

In response, more than 90% of these companies have adjusted their cybersecurity strategies, with 72% citing that the loss of customer confidence occurred in the past 18 months.

Key factors driving changes in cybersecurity

Artificial intelligence (AI) emerged as a key driver for these strategic changes, with 77% of respondents highlighting its role in threat management and the development of new security solutions.

Other factors influencing strategic shifts include compliance requirements (66%) and new types of cyberattacks (58%).

Growing expectation for senior leaders to take more responsibility for cyber breaches

The report also noted a rising expectation for senior leaders to bear more responsibility for cybersecurity breaches.

A significant 80% of respondents believe that cybersecurity leaders and CEOs should primarily be responsible for defending against and responding to cyber incidents.

Communication gaps

Despite this increased responsibility, communication gaps remain between security teams and non-security executives.

Although 90% of APAC cybersecurity teams believe they possess the necessary tools to effectively communicate security status to stakeholders, 59% report difficulties in explaining the importance of specific security measures to non-technical executives. Furthermore, only 61% of non-security executives understand their company’s regulatory obligations.

These figures reflect the findings of a security firm’s recent study, which revealed that internal communication failures – particularly between IT security teams and corporate leadership – significantly impact Australian companies’ capability to fend off cyber threats.

APAC cybersecurity budgets increased

In light of the evolving threat landscape, APAC cybersecurity budgets have risen. The 2024 State of the Security Team Research Report indicated that 84% of APAC respondents observed an increase in their company’s cybersecurity budget, surpassing the global average of 76%.

Additionally, 84% expressed confidence in having the necessary resources – including tools, personnel, expertise, and budget – to defend against cyberattacks.

However, many security teams find it challenging to demonstrate the impact of these investments. Reports tend to prioritise critical data like breaches (75%), incidents (68%), and security risks (67%), while giving less attention to operational metrics such as time to detect (57%), time to respond (63%), and time to recover (47%).

Moreover, a notable number of security teams still rely on manual methods for sharing security status information, including static reports (84%), meetings (76%), and emails (67%).

Importance of collaboration between IT security teams and corporate leadership

Andrew Hollister, chief information security officer at LogRhythm, emphasised the necessity of a collaborative approach between senior executives and security professionals.

“Today’s threat environment demands that senior executives work hand-in-hand with security teams to understand the risks, make strategic decisions, and allocate resources effectively,” he said, as reported by IT Brief.

Yen Nee Si, country manager for Asia at LogRhythm, acknowledged the ongoing challenges for APAC security teams.

“Despite increasing budgets, communication gaps and the lack of metrics to measure the impact of cybersecurity investments remain significant challenges,” she said, as reported by IT Brief.

She called on organisations to address these issues by fostering collaboration between security and non-security teams and using automation technologies for real-time reporting and data sharing.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!