Businesses spending higher percentage of technology budgets on cybersecurity, Sophos research reveals

Increase includes investment in threat hunting defence strategies

Sophos, a global leader in next-generation cybersecurity, today released additional findings from its survey report, The Future of Cybersecurity in Asia Pacific and Japan, in collaboration with Tech Research Asia (TRA), revealing businesses are increasingly prioritising budget for cybersecurity. In 2022, 11 per cent of technology budgets across India are dedicated to cybersecurity.

Organisations in India have identified threat hunting as a key consideration for strengthening cybersecurity defences. Most organisations (95 per cent) undertook threat hunting to bolster their cybersecurity capabilities in 2021; of those that did, 85 per cent stated the approach is critical or important to their company’s overall cybersecurity capabilities.

“It’s great to see organisations taking cybersecurity more seriously, with budgets and maturity levels on the rise and organisations looking to build threat hunting into their cyber defence strategies,” said Aaron Bugal, global solutions engineer at Sophos.

“Given that threat hunting has become a priority for the majority of organisations, it’s interesting to see that cybersecurity professionals across APJ rank ‘not being able to keep up with the pace of threats’ in their top five frustrations in 2022, as indicated in the survey.

“Even with the additional investment, organisations need to ensure they are not overstating their maturity levels and the implementation of threat hunting solutions, leading to complacency. With increased maturity and investment, one would think successful cyberattacks would decline, however they continue to wreak havoc. Sophos’ State of Ransomware Report reveals 78 per cent of Indian organisations were hit by ransomware in 2021, up from 68 per cent in 2020. With this in mind, it’s important for organisations to review their cyber strategies regularly and address the gaps.”

This is becoming increasingly important considering Sophos has seen an uptick in the number of instances where organisations are being attacked multiple times – sometimes simultaneously.

“Organisations must be active in their approach to combatting cyberattacks, with threat hunting functioning as an always-on activity and not a once or twice a year exercise. Organisations must constantly be on the front-foot to identify and thwart attacks, and regular and consistent threat hunting is key to this; failure to do so means organisations will remain vulnerable,” said Bugal.

Organisations are reactive and passive in their approach to cybersecurity

Forty-three per cent of Indian companies surveyed haven’t made a change to their information or cybersecurity approach in the last 12 months, indicating a passive attitude to cybersecurity—something that must be addressed as a priority. The driving factor behind a change in strategy is an attack or breach, leading to an “attack, change, attack, change” cycle, a trend observed since 2019. In fact, 52 per cent of the respondents are planning to make changes in the next six months due to experiencing an attack, highlighting the current reactive approach organisations take to managing their security.

“Cybersecurity strategies must move with – or even faster than – the threat landscape and, sadly, that’s not happening at the moment. By updating cybersecurity strategies after a successful attack, organisations will always remain in a reactive state and continue to be easy targets for attacks. Organisations that need help can outsource all or part of their threat hunting procedures to experts who monitor systems 24/7 and who also have access to telemetry and artificial intelligence for faster detection and response capabilities,” said Bugal.

###

About this research

Sophos commissioned Tech Research Asia (TRA) to undertake this research into the Asia Pacific and Japan cybersecurity landscape. This includes a major quantitative survey where a total of 900 responses were captured across Australia, India, Japan, Malaysia, Philippines, and Singapore.

About Sophos

Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organisations and millions of consumers in more than 150 countries from today’s most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centrepiece of an adaptive cybersecurity ecosystem that features a centralised data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

About Tech Research Asia

TRA is a fast-growing IT analyst, research, and consulting firm with an experienced and diverse team in Sydney | Melbourne | Singapore | Kuala Lumpur | Hong Kong | Tokyo. We advise executive technology buyers and suppliers across Asia Pacific. We are rigorous, fact-based, open, and transparent. And we offer research, consulting, engagement, and advisory services. We also conduct our own independent research on the issues, trends, and strategies that are important to executives and other leaders that want to leverage the power of modern technology. TRA also publishes the open and online journal, TQ. www.techresearch.asia