More than half of Indian organisations admit to falling victim to a successful cyberattack in the last 12 months: Sophos survey
- Sophos study of 900 business decision makers across Asia Pacific and Japan indicates COVID-19 accelerated period of digitisation and was a catalyst for improving cybersecurity, but systemic security issues persist
- Although Indian organisations reported the highest percentage of having an independent security budget, this was not enough to stop cyberattacks
- Malware, AI/ML driven attacks and nation state attacks considered the three most serious threats to enterprise security in next 24 months
- Two thirds of Indian organisations say they have at least a proactive capability when it comes to cyber security: the largest percentage among Asia Pacific and Japan regions
Sophos, a global leader in next-generation cybersecurity, today announced the findings of the second edition of its survey report, The Future of Cybersecurity in Asia Pacific and Japan, in collaboration with Tech Research Asia (TRA). The study reveals that despite cyberattacks increasing, cybersecurity budgets have remained stagnant and executive teams continue to underestimate the level of damage threats can do to organisations.
Insignificant rise in budgets, despite significant rise in attacks
In India, despite having the highest percentage of companies with an independent security budget, 52 per cent of organisations say they fell victim to a successful cybersecurity attack in the last 12 months. Of these successful breaches, 71 per cent of organisations admitted it was a serious or very serious attack, and 65 per cent said it took longer than a week to remediate.
While attacks are increasing in frequency and severity, cybersecurity budgets remained largely unchanged as a percentage of revenue between 2019 and 2021. At the same time, India reported the highest percentage of companies that have an independent security budget. Furthermore, they expect a rise in the median percentage of technology budgets spent on cybersecurity from 9 percent today to 10 percent in the next 24 months.
Adding his thoughts, Sunil Sharma, managing director – sales, Sophos India and SAARC, said, “Cyberbreaches are a reality that we cannot afford to ignore. Within an organisation, there will always be multiple threats that can exploit various vulnerabilities and launch full blown cyberattacks. The only way to stop these threats is to actively hunt for them and neutralize them. This makes threat hunting an important function to mitigate the damage caused by cyberattacks. Hence, there is a strong need for increased cybersecurity budgets to include threat hunting in house or outsourced services like managed detection and response (MDR). Our findings show there is budget allocated for cybersecurity in India, but it isn’t enough. Indian organisations need to view cybersecurity as a value to the business and increase their budgets accordingly.”
Overall, 44 per cent of Asia Pacific and Japan (APJ) organisations surveyed suffered a data breach in 2020, up from 32 per cent in 2019. Of these successful breaches, 55 per cent of companies rated the loss of data as either “very serious” (24 per cent) or “serious” (31 per cent). Seventeen per cent of organisations surveyed suffered at least 50 attacks, per week. As cyberattacks continue to rise, the report found that malware, AI/ML-driven attacks and nation state attacks will be the most serious threats to enterprise cybersecurity over the next 24 months.
“Ultimately, security is about right sizing the risk. If the risk increases, budgets should also increase, but in this climate of uncertainty, we’ve seen organisations take a conservative approach to security spending, which is impacting their ability to stay ahead of cybercriminals,” said Trevor Clarke, lead analyst and director at Tech Research Asia.
END
About this research
Sophos commissioned Tech Research Asia (TRA) to undertake this research into the Asia Pacific and Japan cybersecurity landscape. This includes a major quantitative survey where a total of 900 responses were captured across Australia, India, Japan, Malaysia, Philippines and Singapore. In addition to this, TRA captured qualitative insights from virtual roundtable events in Australia, India, Japan and Singapore (with ASEAN representation).
About Sophos
As a worldwide leader in next-generation cybersecurity, Sophos protects more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyber threats. Powered by SophosLabs and SophosAI – a global threat intelligence and data science team – Sophos’ cloud-native and AI-powered solutions secure endpoints (laptops, servers and mobile devices) and networks against evolving cyberattack techniques, including ransomware, malware, exploits, data exfiltration, active-adversary breaches, phishing, and more. Sophos Central, a cloud-native management platform, integrates Sophos’ entire portfolio of next-generation products, including the Intercept X endpoint solution and the XG next-generation firewall, into a single “synchronized security” system accessible through a set of APIs. Sophos has been driving a transition to next-generation cybersecurity, leveraging advanced capabilities in cloud, machine learning, APIs, automation, managed threat response, and more, to deliver enterprise-grade protection to any size organization. Sophos sells its products and services exclusively through a global channel of more than 53,000 partners and managed service providers (MSPs). Sophos also makes its innovative commercial technologies available to consumers via Sophos Home. The company is headquartered in Oxford, U.K. More information is available at www.sophos.com.
About Tech Research Asia
TRA is a fast-growing IT analyst, research, and consulting firm with an experienced and diverse team in Sydney | Melbourne | Singapore | Kuala Lumpur | Hong Kong | Tokyo. We advise executive technology buyers and suppliers across Asia Pacific. We are rigorous, fact-based, open, and transparent. And we offer research, consulting, engagement and advisory services. We also conduct our own independent research on the issues, trends, and strategies that are important to executives and other leaders that want to leverage the power of modern technology. TRA also publishes the open and online journal, TQ.
