Cyber security awareness grows but not spending: Cisco poll
By Edwin Yapp March 24, 2021
- Remote working spurs cyber security awareness but does not match spending
- Collaboration essential tool during pandemic; personal devices hardest to defend
CYBER security challenges continue to persist amongst Malaysian organisations with 62% of respondents (compared to 69% in Asia Pacific) saying that they have experienced a 25% or more jump in either cyber threats or alerts since the start of Covid-19 pandemic, according to a new study by Cisco Systems Inc.
The Cisco poll, entitled The Future of Secure Remote Work, also showed that 49% Malaysian organisations ranked cybersecurity as more important than before the pandemic.
However, only 56% of respondents indicated that they are planning to increase cyber security spending in response to these increased threats, 14% lower than than their regional peers in Asia Pacific, the study noted.
Meanwhile, approximately four in 10 (37%) Malaysian organisations responded by saying that they do not plan to change (increase or decrease) cyber security spending in Malaysia compared to 17% in Asia Pacific, the study added.
Speaking to the media to reveal these findings, Cisco Systems Malaysia managing director Albert Chai noted that the jump in threat and/ or alerts is significant especially since most organisations entered Covid-19 unprepared to securely support remote work.
“I can say with confidence that it’s not for the lack of knowledge [of the importance of cyber security] at the board level of companies and business owners that is the challenge,” he told the media, adding that Cisco has been working with the government, particularly the Malaysia Digital Economy Corporation (MDEC) to beef up awareness.
“The importance of cyber security is high but when the rubber meets the road, the investment in cyber security spending is still lacking [in Malaysia], and this boils down to how aware [or not aware] businesses are of being impacted by a security breach.”
Asked why investments in cyber security are still not up-to-par with regional counterparts and where the impediments for organisations in Malaysia lie, Chai (pic, left) said he can’t be sure, surmising only that there may be a dichotomy between the larger enterprises and small and medium enterprises (SMEs) polled.
“We can see cyber security spending trending up in large enterprises but Malaysia also relies heavily on SMEs as an engine for growth,” he argued. “SMEs contribute close to 30% of our GDP and we have about a million of them for a population size of 30 million.
“In the pandemic there could have possibly been a divide between the ‘haves and have nots,’ with the budget for cyber security in larger enterprises accelerating while not [happening] the same for SMEs.”
That said, Chai clarified that the questions for this study were very focused on how prepared organisations were for the Covid-19 pandemic and how they reacted to the switch to remote working during that period.
Under this context, the relatively large number of respondents indicating that they didn’t see the need to spend more or less (no change) on cyber security may have skewed the numbers [in the study], he explained.
Koo Juan Huat, director of security sales for Cisco, offered another reason why respondents indicated no change in their cyber security spending pattern given the rise in threats and alerts.
Acknowledging that customers know that cyber security has evolved and is more damaging to businesses today, Koo pointed out that organisations sometimes look at their cyber security risk the way they would buy an insurance policy.
Companies buy insurance to protect themselves in the event of an incident based on the perceived risk, he argued.
“But as more SME digitise their businesses, they may relook at their cyber security risks profile,” he explained.
“[SME] customers may not get on board immediately but as they advance their digitalisation, they are expected to increase their cyber security investments and invest more to mitigate against attacks.”
The Cisco study was a global study conducted between June and September last year. Culled from a total of 3,196 respondents from 21 countries across Americas, Europe, and Asia Pacific, the study polled IT decision makers from a continuum of 30 industries. For Malaysia, 156 respondents were polled.
The Malaysian portion of the study revealed that 56% of respondents were very prepared for the overnight shift to remote working, while 36% were somewhat prepared. Some 7% said they were not prepared at all and 1% they didn’t know if they were prepared.
Secure access is the top cybersecurity challenge faced by Malaysian organisations when supporting remote workers at 74%, followed by data privacy (65%); maintaining control and enforcing policies (60%); protection against malware (53%); and verifying identity (43%).
Almost two thirds (62%) of Malaysian organisations believe that personal devices were the most difficult to protect, followed by office laptops and desktops (58%); customer information (56%); and cloud applications (55%).
Meanwhile, Malaysia is only one of two countries in Asia Pacific that ranks collaboration tools as the most important IT solution adopted during the pandemic.
The Cisco study also revealed that only 20% of respondents practised remote working before the pandemic compared to 60% during the pandemic.
Significantly, the trend to continue working remotely will hover around 35% after the pandemic, indicating that more organisations are prepared to allow their employees to work remotely.
With this increase in remote working, there is an urgent need to make changes to their cyber security policy. Encouragingly, 97% of respondents said they are looking to make some of their policy changes permanent.
The top four priority areas for Malaysian organisations are: Overall cybersecurity defence posture (34% ranking it first); network access (28%); cloud security (22%); and user and device verification (16%).
Related Stories :