Cyber Crime & ForensicPress ReleaseThreat Detection & Defense

APAC Retail Sector Faces Cyber Incidents Amidst Limited Cybersecurity Budget

According to a recent study by Kaspersky, globally, critical infrastructure, oil & gas and energy organizations suffered the biggest number of cyber incidents due to improper budget allocation (25%). In Asia Pacific, however, the retail industry experienced the greatest number of successful cyberattacks in the past 24 months.

The latest survey also revealed that 19% of companies in the region have experienced cyber incidents due to insufficient cybersecurity investment in the last two years. When it comes to companies’ finances, nearly one in five (16%) admit they do not have the budget for adequate cybersecurity measures.

Kaspersky conducted a study to discover the opinions of IT Security professionals working for SMEs and enterprises worldwide regarding the human impact on cybersecurity in a company. The research – aimed at gathering information on various groups of people who influence cybersecurity – considered both internal staff, and external contractors. It also analyzed the impact decision-makers have on cybersecurity in terms of budget allocation. A total of 234 respondents from APAC were surveyed.

Insufficient distribution of budget for cybersecurity led 19% of Asian companies to endure cyber incidents in the last two years.

The situation is different for every industry. For example, retail organisations suffered the greatest number of cyber breaches because of the lack of budget (37%), followed by telecommunication companies (33%) and critical infrastructure, energy, oil and gas sectors (23%).

E-commerce is expected to be a 2.05 trillion USD market in Asia Pacific towards the end of 2023. Retail being the industry which suffered most cyber incidents here makes sense as cybercriminals follow the money trail. These companies are part of the greater digitalisation movement in the region and hold treasure troves of data, specifically financial ones,” comments Adrian Hia, Managing Director for Asia Pacific at Kaspersky.

“Our recent study proves that threat actors know which company to target. They know the data they want and where to get them. I encourage all industries in APAC, especially those that handle critical information, to allot better cybersecurity budget to ensure the safety of their businesses, and most importantly, of their customer’s sensitive data,” he added.

Meanwhile, some industries showed a smaller number of cyber incidents. The manufacturing industry suffered 11% of cyber incidents due to budget constraints, while transport & logistics saw 9% of them.

When asked about the budget for cybersecurity measures, a majority (83%) of respondents from APAC said they are equipped to keep up with or even stay ahead of new threats. However, 16% of companies are not doing so well – 15% report that they don’t have sufficient funds to protect the company’s infrastructure properly.

At the same time, there are still companies without cost allocations for cybersecurity at all – 2% claimed they don’t have a dedicated budget for cyber protection needs.

The most successful industry in APAC in terms of proper monetary distribution for cybersecurity are financial services – 100% of respondents working in this sphere claim their organizations are set to keep up with and stay ahead of all new threats.

Would you say the budget for cybersecurity measures in your company ….?

Many respondents’ companies are eager to take steps to strengthen their cybersecurity in the next 1-1.5 years. One of the most popular areas of investment is threat detection software (46%), and trainings, where half (50%) of companies plan to allocate budgets for educational programs for cybersecurity professionals and 46% for training general staff.

Other popular measures organizations plan to take soon are introducing endpoint protection software (42%), hiring additional IT professionals (37%) and adopting SaaS cloud solutions (45%).

“Today, companies must align cybersecurity investment with a business strategy and consider cybersecurity as one of their business goals. Of course, investments must justify themselves and be effective, so the information security department also faces the task of increasing the ROI of investments in information security and defending investments to senior management or the board of directors. Also, in addition to reducing MTTD and MTTR, information security is tasked with reducing the cost of a security incident. These challenges can be met through the use of various modern approaches and technologies. For example, we are investing in developing our SASE portfolio as well as XDR and MDR with integrated AI, Machine Learning, automated detection and response, automated threat investigation, out-of-the-box integrations and much more. To ensure process transparency and prove the value of our solutions, we also provide C-level dashboards and reports for CISOs, which include information on how many incidents we prevented, how quickly incidents were investigated, and the effectiveness of deployed cybersecurity solutions. We also highlight customer-specific risks, and show them trends particular to the industry to help them shape their cybersecurity by targeting their defenses around current dangers, and justify investments in the necessary technology.” comments Ivan Vassunov, VP, Corporate Products at Kaspersky.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *