Cybersecurity still not a top priority for local enterprises
By Sherrel Roche August 29, 2017
- Only twenty-four percent of enterprises are mulling transforming their cybersecurity solutions
- IDC research indicates that MSS in Malaysia are expected to grow to US$224 million in 2021
FOR the past two years, Malaysia witnessed a sharp increase in the number of data breaches and cybersecurity incidents.
The severity of these sophisticated attacks is forcing enterprises to relook at their security practices, causing cybersecurity to become a critical business priority.
The IDC business and IT services end-user survey revealed that IT security is considered the second choice of priorities, right after network transformation. We identified that only 24% of enterprises are considering transforming their cybersecurity solutions in response to changes brought about by digital technologies.
The fortunate thing is that enterprises recognise the challenge and are willing to rely on managed security service providers (MSSP) to address their security challenges.
A recent survey conducted by IDC revealed that over 65% of surveyed Malaysian enterprises are interested in partnering with professional security service providers.
However, in my opinion, most enterprises in Malaysia are still underprepared to deal with the current cybersecurity challenges as the situation is exacerbated by weak data protection and breach notification regulations.
The absence of a strong and up-to-date regulatory environment, lack of qualified cybersecurity professionals, and the limited capabilities of local professional security services entities has dampened the situation which is likely to get worse before it gets better.
The evolving Malaysian Managed Security Services (MSS) landscape
IDC research indicates that the managed security services (MSS) in Malaysia are expected to grow to US$224 million in 2021 at a five-year compound annual growth rate (CAGR) of 25%.
The recently published “Malaysia Cybersecurity, 2017 — The Growing Need to Build a Strong Cybersecurity Ecosystem” study revealed that one of the key factors that drives the demand for MSS is the need to move from a capex to an opex model. Engagement with a MSSP creates a predictable expense with a regular cadence in the budget cycle.
Furthermore, the industry is starting to recognise the importance of an effective security operations centre (SOC) in managing risks as it plays a central role in protecting enterprises against the fast-evolving cyberthreat landscape. In-house 24x7 security solutions are expensive and challenging to sustain and security expertise is scarce resulting in more businesses turning to MSSPs.
There have always been strong players in the security market such as Dimension Data, HPE, IBM, and Symantec.
Apart from that, the presence of local security service providers such as DNeX, Quann, Sysarmy and more appear to be prominent in the market.
Local as well global vendors are investing in next-generation SOC including providing security services such as advanced security event monitoring, threat analytics, cyber threat management, and incident response.
Local players are still struggling to create a presence in the market compared to global players. They are less in demand mainly because they don't carry brand equity and recall value.
For most enterprises, local presence and personal contact are the top priorities when it comes to partnering with a vendor. Amid this fierce competition, local vendors should focus on developing their own USP; be it pricing or delivering industry-specific or customised security solutions.
Sherrel Roche is a senior market analyst, Services Research at IDC Asia/Pacific.