Cyber SafetyPress ReleaseThreat Detection & Defense

Tenable Study: 40% of APAC Organisations Ineffective at Preventing Cyber Attacks

Tenable®, Inc., the Exposure Management company, recently revealed that Asia Pacific (APAC) organisations could not prevent 41% of cyberattacks on their businesses, only successfully stopping 59% of cyberattacks over the past two years. Consequently, organisations have had to rely on reactive measures rather than preventing attacks from occurring in the first place.

The study further revealed that 76% of APAC respondents believe their organisation could better combat cyberattacks with more resources dedicated to preventive cybersecurity. However, a concerning 61% indicated that their cybersecurity teams spend the majority of their time addressing immediate threats, hindering them from adopting a proactive stance.

The data is drawn from the APAC edition of Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity. The report was drafted based on a survey of 825 cybersecurity and IT leaders globally including 219 in APAC in 2023, conducted by Forrester Consulting on behalf of Tenable.

The study underscores the importance of a proactive rather than reactive approach to cybersecurity and emphasises how fragmented cybersecurity tools obstruct organisations from consistently and accurately assessing their cyber risks. Furthermore, the findings indicate that significant challenges arise not just from external threats, but also from inherent issues within the organisation’s own structure and operations.

APAC organisations were also struggling to identify the right threats to remediate, with only 20% of respondents reporting they are “extremely confident” that their organisation’s cybersecurity practices were successfully reducing their risk exposure. An even lower 15% were “extremely confident” that the vulnerabilities they prioritised for remediation over the past year were ones that posed the greatest threats to the organisation.

Nigel Ng, Vice President, Asia Pacific and Japan, Tenable, said, “In today’s digital landscape, preventive cybersecurity isn’t a luxury, it’s a necessity. The old-school reactive measures are akin to putting a band-aid on a gaping wound. Our study underscores the urgent need for APAC organisations to bolster their preventive measures to staunch the bleeding before it begins. Adopting preventive risk mitigation strategies is about bridging the gap between technical risks and business implications. It’s about gaining clarity on the lurking threats and understanding their potential impact on business operations, enabling a quicker and more targeted response.”

Ng noted, “While there are no quick fixes to the challenges firms are facing, examining the disparity between low-maturity and high-maturity organisations across the overall sample shines a light on the roadmap towards enhanced cybersecurity. By learning from high-maturity organisations, embracing data aggregation, and cutting down on reactionary measures, APAC organisations can pivot towards a more preventive cybersecurity stance, reducing their risk profile substantially.”

  • Low-maturity organisations globally are more likely to be stuck in reactive mode. In the past 12-24 months, high-maturity organisations preventively defended against 61% of the attacks they experienced and reactively mitigated against the rest. In low-maturity organisations, 56% of attacks were preventively defended while 44% were reactively mitigated.
  • High-maturity organisations globally see the value in data aggregation: 57% use aggregation tools to collect and analyse data to quantify risk exposure, compared with only 46% of low-maturity organisations.
  • High-maturity organisations globally spend far less time each month producing reports for business leaders than their low-maturity counterparts: 57% of high-maturity organisations say it takes 11 hours or more to produce such reports, compared with 72% of low-maturity organisations.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *