And Australia and a majority of its Asia Pacific counterparts — 55% to be precise — do not conduct risk assessment studies as a precautionary measure and say they will only do so if there was a security breach or suspected breach.
The study, conducted for LogRhythm by research firm Frost & Sullivan, found that approximately 16% of Australian enterprises do not have an action plan in place ahead of any potential security breach, the highest compared to the other countries and regions in the study – Singapore, Malaysia and Hong Kong.
LogRhythm says the data suggests that most enterprises react to data breaches based on previous experience, with the study finding that 80% of organisations in the Asia-Pacific region are confident that their corporate data has not been compromised, while 50% believe their corporate data will not be compromised within the next 12 months.
LogRhythm says respondents of the survey also indicated that they are likely to outsource if a cyber threat system vecame necessary.
Currently, enterprises in Hong Kong have the highest rate of outsourcing 24/7 security service to a third party while enterprises in Australia, Singapore and Malaysia and prefer to manage it in-house.
And in Australia 35% of enterprises have a security operations centre operated locally in-house, while 19% outsource to a managed security service provider.
“It is encouraging to hear that Asia-Pacific enterprises are confident about their resiliency against cyber threats. However, these enterprises must ensure that their sense of confidence is not misplaced by proactively conducting cyber-risk assessment within their organisation,” said Bill Taylor-Mountford, vice-president Asia-Pacific and Japan for LogRhythm.
“A risk assessment study will help organisations accurately understand where they are placed in the security maturity model. This is, by far, the best way to measure an organisation’s cyber resilience. The survey revealed that organisations in the region are rather more complacent – performing risk assessment test only after a breach.”
According to Taylor-Mountford, forward-thinking organisations are more proactive in the way they see cyber attacks.
“While they know that a resilient enterprise is not one that won’t be breached, they are always ready, and able to quickly detect and respond to any potential breach. It is because of this mindset that they are less likely to suffer from any material business impact even if they were breached.”
Touted as a multi-billion-dollar business, LogRhythm notes that cyber crime has been on the agenda for world and business leaders globally, with research firm ASD estimating that the Asia-Pacific cyber security market will “mushroom to US$30.39 billion by 2020”.
Taylor-Mountford says the cyber security market in Asia-Pacific was estimated to be around US$17 billion in 2015, but investment in security intelligence and analytics tools was only 2.8%, a fraction of what enterprises spent on perimeter defence.
And, he says, the sophistication of cyber attacks today has, however, raised the need for integration and proficiency in threat mitigation, as deploying latest tools purchased off the shelf has become inadequate.
Charles Lim, industry principal analyst, Frost & Sullivan, says, “A passive stance and legacy threat detection software do not suffice if we want to win the war against cyber crime”.
“To do this effectively, more enterprises need to shift from a reactive model focusing on perimeter defence tools to a holistic approach combining security intelligence, analytics and human expertise. This is, therefore, no longer a choice, but a necessity.”
To access the survey and whitepaper — "Exploring Cyber Security Maturity in Asia: A study of Enterprise Corporate Executives, IT Executives & IT Practitioners’ Perceptions towards Cyber Security Readiness in Asia-Pacific’ — click here.