Organizations in Malaysia are seeing a decline in the financial impact from cyber breaches, according to Cisco 2019 Asia Pacific CISO Benchmark Study.
The study also reported that 26 percent of companies in Malaysia said the most severe breach in the past one year cost them more than USD1 million (RM4.11 million). This is a big decline from a year ago, when 50 percent companies reported the same financial impact or more. There was also a sharp decline in the number of companies suffering an impact of more than USD10 million (RM41.05 million) from their most severe breach. Only 3 percent of respondents reported impact costs of this amount, compared to 8 percent a year ago.
The study, based on a survey of close to 2,000 security professionals from across the region, highlights that while security practitioners in Malaysia are being kept busy, they are getting better at tackling the issue. According to the study, 44 percent of respondents reported receiving more than 10,000 threat alerts a day, while 36 percent said they receive more than 50,000 alerts per day.
With a high number of cyber threats alerts, the real challenge lies in what comes after an alert is received. How many of the alerts are investigated, and how many of those found to be genuine are eventually remediated.
The good news is that companies in Malaysia are doing better on both fronts. According to the study, companies in Malaysia investigated 44 percent of the threat alerts they received, up from 40 percent last year. Of the alerts that were investigated and found to be genuine in the country, 46 percent were remediated. This is better than the Asia Pacific and global averages, which stood at 38 percent and 43 percent respectively.
Albert Chai, Managing Director Malaysia at Cisco, said: “As digital adoption gathers pace in Malaysia, we are seeing an increased awareness of cybersecurity among businesses. This is crucial because the success of the digital economy hinges in large part on businesses’ ability to tackle cybersecurity risks. For companies to be able to do that, security can no longer be an afterthought; it needs to be the underlying foundation of any digitalization effort. While we are seeing some positive trends, a lot more needs to be done to ensure that businesses are well prepared to tackle any issue on this front.”
The study highlights that companies in Malaysia are facing longer downtimes due to cyber breaches. Among the respondents, 27 percent of companies experienced a downtime of 24 hours or more after their most severe breach in the past one year, compared to just 4 percent globally and 23 percent in Asia Pacific. The Malaysia number is also a huge increase from 2018, when only 9 percent of organizations in the country suffered downtime of 24 hours or more.
In addition, the use of multiple vendors is adding to the complexity for security professionals. In Malaysia, 35 percent of companies said they use more than 10 security vendors. While this is a slight improvement from 2018 (39 percent), it is still a key issue. Furthermore, the study also reports that 90 percent of companies in Malaysia said they find it challenging to orchestrate alerts from multiple vendors’ security products. This is higher than the regional (88%) and global averages (79%).
Kerry Singleton, Director Cybersecurity for ASEAN at Cisco, said: “Complexity due to a multi-vendor environment and the increased sophistication of businesses with OT networks and multi-cloud adoption continue to challenge security practitioners in Asia Pacific. As organizations look to reduce the impact of a cybersecurity breach, they need a simplified and systematic approach to security in which solutions act as a team, and learn, listen and respond as a coordinated unit.”
“One way for organizations to simplify security is by considering a Zero Trust approach which looks at security in three key areas—workforce, workload and workplace. Doing so enables organizations to protect users and their devices against stolen credentials, phishing and other identity-based attacks, manage multi-cloud environments and contain lateral movement across the network,” he added.
Other key trends that emerged from the study include:
The top barriers for adopting advanced security technologies in Malaysia are:
- organizational culture / attitude about cybersecurity (43 percent)
- budget constraints (38 percent)
- lack of trained personnel (38 percent)
- lack of awareness of advanced security technologies and processes (38 percent)
In fact, lack of trained personnel is an issue for greater number of companies in Malaysia this year compared to 2018, when only 26 percent of organizations cited it as one of their main challenges.
When it comes to data breaches and the improvements that were made following a breach, the top measures among Malaysian companies was to increase:
- security awareness training among employees (56 percent)
- enforcement of data protection laws and regulations (44 percent)
- focus on preventing security breaches caused by employee-owned mobile devices (37 percent) and
- focus on risk analysis and mitigation (37 percent)
The Cisco 2019 Asia Pacific CISO Benchmark Study surveyed close to 2,000 security leaders across 11 countries in Asia Pacific. This includes leaders from organizations of 100–499 employees to large enterprises and the public sector. The data was gathered across four key areas:
- Cybersecurity culture
- Security alerts and the impact of data breaches
- Cybersecurity trends: Cloud and Operational Technology threats
- The defenders’ approach on managing vendors
Read the report here.