Security Market Segment LS
Friday, 08 March 2019 11:27

APAC companies hit harder by cyber breaches


A new study suggests companies in the Asia-Pacific region are struggling to contain the cost of cyber breaches.

Cisco's 2019 CISO Benchmark Study [PDF] surveyed 3200 IT security leaders in 18 countries, including Australia, China, India and Japan.

The company has for the first time broken out figures for the APAC region. And the news isn't all good.

Globally, 8% of respondents said the total cost of the highest impact breach they experienced in the last year was US$5 million or more. That figure remained unchanged from the 2018 report.

And at the other end of the scale, the proportion of companies reporting the cost was under US$500,000 increased from 47% to 51%, suggesting that "costs are down a little, or at least under control".

(If the size of those losses seems extraordinarily high, bear in mind that the people surveyed all worked for organisations with at least 250 employees and a formal IT department, and they mostly had job titles such as CISO, CTO, or IT director, and were actively involved in IT security.)

Cisco security marketing director Ben Monroe explained that the significance of US$500,000 was that in many companies it was the threshold for requiring board involvement.

But among the four APAC nations included in the study, 17% reported losses of US$5 million and above, more than twice the global incidence, and only 39% said the maximum loss was under $500,000.

Asked to explain these differences, Cisco vice-president of global security sales, John Maynard, suggested one reason could be that APAC organisations tended to use a more fragmented (ie, less integrated) set of security tools.

Traditionally, organisations have tended to select a particular product to address a particular security issue. This is often referred to as the 'best of breed' approach.

Its weakness is that it makes it hard to orchestrate the reaction to a breach. In contrast, more integrated tools provide better protection and recovery.

Globally, 63% of organisations used less than 10 security vendors, whereas that was true of just 54% companies in the APAC region, Monroe said.

Perhaps not surprisingly, 79% of all respondents said it was somewhat, or very, challenging to orchestrate alerts from products supplied by multiple vendors, and that rose to 93% in APAC.

The survey also found that time to remediate — rather than just detect — a breach has become a more common metric. In 2018, it was used by 30% of respondents, but it has shot up to 48% this year – "a surprise to all of us", said Maynard.

Interestingly, that 48% also applies to APAC.

"Cyber security is a numbers game, one that is skewed in favor of malicious actors. Businesses need to win all the time, while attackers need just one successful hit to make an impact," said Maynard.

"Every time the attackers succeed, there is a financial impact on the company targeted. This includes out-of-pocket expenses, legal fees, reputational damage and loss of business. The fact that an increasing number of companies are being able to contain this cost is a sign that businesses are starting to gain more control and balance their risks when hit by a breach.

"While this is a move in the right direction, a lot more needs to be done."

Read 2532 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Stephen Withers

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News