Malware, AI/ML-driven attacks, and nation-state attacks are the three most significant threats to enterprise security in the next 24 months, according to a survey study by Sophos.
In partnership with Tech Research Asia (TRA), Sophos released the results of the second edition of its survey study, The Future of Cybersecurity in Asia Pacific and Japan. Despite the fact that cyberattacks are on the rise, cybersecurity budgets have remained static, and executive teams continue to underestimate the amount of damage threats can cause to businesses, according to the study.
Despite a large increase in cyberattacks, expenditures have risen insignificantly
Despite having the highest percentage of companies with their own security budget, 52% of companies in India say they have been the victim of a successful cybersecurity attack in the last year. 71% of organisations said the breach was a serious or very serious attack, and 65% said it took more than a week to remediate.
Although the frequency and intensity of attacks have risen, cybersecurity budgets as a percentage of revenue have remained relatively unchanged between 2019 and 2021. At the same time, India has the largest number of businesses with their own security budget.
Commenting on the development, Sunil Sharma, Managing Director – Sales, Sophos India and SAARC, said, “Cyberbreaches are a reality that we cannot afford to ignore. Within an organisation, there will always be multiple threats that can exploit various vulnerabilities and launch full blown cyberattacks. The only way to stop these threats is to actively hunt for them and neutralize them. This makes threat hunting an important function to mitigate the damage caused by cyberattacks. Hence, there is a strong need for increased cybersecurity budgets to include threat hunting in house or outsourced services like managed detection and response (MDR). Our findings show there is budget allocated for cybersecurity in India, but it isn’t enough. Indian organisations need to view cybersecurity as a value to the business and increase their budgets accordingly.”
Statistics
In 2020, 44% of the Asia Pacific and Japan (APJ) organisations surveyed experienced a data breach, up from 32% in 2019. The loss of data was rated as “very serious” (24%) or “serious” (55%) by 55% of organisations in these successful breaches (31%). 17% of the companies polled said they had at least 50 attacks a week. Malware, AI/ML-driven attacks, and nation-state attacks would be the most significant threats to enterprise cybersecurity over the next 24 months, according to the study, as cyberattacks continue to grow.
Trevor Clarke, Lead Analyst and Director at Tech Research Asia, said “Ultimately, security is about right sizing the risk. If the risk increases, budgets should also increase, but in this climate of uncertainty, we’ve seen organisations take a conservative approach to security spending, which is impacting their ability to stay ahead of cybercriminals,”