Discover key insights from Tenable’s latest study on cybersecurity in the Asia Pacific region. Learn why organizations need to shift from reactive to proactive cybersecurity strategies to effectively combat cyber threats and reduce risk exposure.
Tenable®, Inc., a company specializing in Exposure Management, has unveiled a concerning trend in the Asia Pacific (APAC) region. According to their latest findings, APAC organizations were unable to prevent 41% of cyberattacks on their businesses over the past two years, successfully thwarting only 59% of these incidents. Consequently, organizations have had to rely on reactive measures rather than proactively preventing these attacks from happening in the first place.
The study also highlighted that 76% of APAC respondents believe their organizations could enhance their ability to combat cyberattacks by dedicating more resources to preventive cybersecurity. However, a worrisome 61% of respondents indicated that their cybersecurity teams spend most of their time addressing immediate threats, preventing them from adopting a more proactive approach.
This data was gathered as part of the APAC edition of the report titled “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity.” The report is based on a survey conducted by Forrester Consulting on behalf of Tenable, which included 825 cybersecurity and IT leaders globally, with 219 of them located in APAC in 2023.
The study emphasizes the importance of adopting a proactive approach to cybersecurity rather than a reactive one. It underscores how the use of fragmented cybersecurity tools hinders organizations from consistently and accurately assessing their cyber risks. Furthermore, the findings indicate that significant challenges in cybersecurity stem not only from external threats but also from internal issues within an organization’s structure and operations.
APAC organizations also faced challenges in identifying the most critical threats to address. Only 20% of respondents expressed “extreme confidence” that their organization’s cybersecurity practices effectively reduced their risk exposure, and an even lower 15% were “extremely confident” that the vulnerabilities they prioritized for remediation over the past year were the most significant threats to the organization.
Nigel Ng, Vice President, Asia Pacific and Japan, Tenable, stressed the urgency of preventive cybersecurity measures in today’s digital landscape. He compared reactive measures to putting a band-aid on a significant wound and urged APAC organizations to strengthen their preventive strategies. Adopting preventive risk mitigation strategies is essential for understanding potential threats and their impact on business operations, allowing for a quicker and more targeted response.
Ng also pointed out that while there are no quick fixes for the challenges organizations face, there is a roadmap toward enhanced cybersecurity. Learning from high-maturity organizations, embracing data aggregation, and reducing reliance on reactionary measures can help APAC organizations shift toward a more preventive cybersecurity approach, significantly reducing their risk profile.
The study found that low-maturity organizations globally tend to remain in reactive mode. In the past 12-24 months, high-maturity organizations managed to preventively defend against 61% of the attacks they encountered and reactively mitigate the rest. In contrast, low-maturity organizations prevented 56% of attacks preventively, with 44% being reactively mitigated.
High-maturity organizations globally recognize the value of data aggregation, with 57% using aggregation tools to collect and analyze data to quantify risk exposure, compared to only 46% of low-maturity organizations. Moreover, high-maturity organizations spend significantly less time each month producing reports for business leaders. While 57% of high-maturity organizations require 11 hours or more to produce such reports, the figure is much higher at 72% for low-maturity organizations.
The findings from Tenable’s study underscore the critical need for organizations in the Asia Pacific region, and globally, to shift from a reactive cybersecurity approach to a more proactive one. With a significant portion of cyberattacks eluding prevention, dedicating additional resources to preventive cybersecurity is imperative. Moreover, embracing data aggregation and reducing reliance on reactionary measures can lead to a more robust and effective cybersecurity posture. The road to enhanced cybersecurity lies in learning from high-maturity organizations and bridging the gap between technical risks and business implications. It is essential for organizations to recognize that in today’s digital landscape, preventive cybersecurity is not a luxury but a necessity for safeguarding their operations and data.