However they lack the influence required to shore up security strategies.
Cybersecurity leaders in APAC assume greater accountability and risk for ensuring a strong security posture in the past year (61 per cent), compared with the global average (56 per cent). Specifically, cybersecurity leaders in this region believe that they must contend with risks like phishing and social engineering attacks (61 per cent), ransomware (59 per cent) and device vulnerabilities (58 per cent).
At the same time, while 60 percent of respondents believe that cybersecurity leaders should report directly to the CEO, only 6 percent of security leaders in APAC actually do. On average, they are three levels away from the CEO, which poses challenges in ensuring that the leadership have an accurate and complete understanding of security risks facing the organisation.
Without securing buy-in from their senior leadership, cybersecurity leaders struggle to establish authority and establish their desired security posture. In fact, only 37 percent of respondents in the region agree that their organisation values and effectively leverages the expertise of their cybersecurity, compared to 43 percent globally. This lack of understanding from senior leadership (52 per cent) and executive support (51 per cent) has subsequently been identified as key factors leading to concerns around job security.
In LogRhythm’s latest report Security and the C-Suite: Making Security Priorities Business Priorities focuses on the roles and responsibilities of cybersecurity leaders.
The report found that more than half of organisations (55 per cent) in Asia Pacific (APAC) has experienced a cyberattack in the last two years and spend an average of US$17 million each on security activities. Of these organisations, 43 percent of respondents believe that IT security leaders should be held most accountable for preventing or mitigating the consequence of a cyberattack, compared to the CEO (18 per cent) or both the CEO and IT security leader (22 per cent).
New Security Pitfalls Stem from the COVID-19 Pandemic
This comes at a time when the Covid-19 pandemic has brought about novel security challenges for cybersecurity leaders. This is especially salient in APAC, with 69 percent of respondents, the highest globally, indicating that their biggest security challenge today is securing the remote workforce.
Across the region, close to 70 percent of organisations have more than a quarter of their employees and contractors working remotely. This poses new threats and increases the risk to their sensitive data, with respondents attributing this to:
- Employees using less secure home networks (71 per cent)
- Family members being allowed to use the work device (65 per cent)
- Security protocols not being followed closely (63 per cent)
The Need to Make Security Priorities Business Priorities
The research also revealed that even amid the rising threat of cyberattacks, only 29 percent of cybersecurity leaders in the region report to the board of directors to brief them on cybersecurity risks. Furthermore, only 43 percent of them do so reactively after a security incident occurs. 76 percent of organisations also do not have a board-level committee dedicated to cybersecurity threats and issues facing the organisation.
The study was conducted in conjunction with Ponemon Institute, and featured 1,426 global respondents, including chief information, technology and security executives. Respondents were located in APAC, EMEA and the United States.