Executives’ assumption that cyber security is “easy” and threats and problems are overstated emerged as the greatest frustration of senior IT and security decision makers in a survey of 900 companies in the Asia-Pacific region.


The Sophos-Tech Research survey, The Future of Cybersecurity in Asia Pacific and Japan, revealed the assumption that cybersecurity threats are exaggerated is now the number one frustration, up from third two years ago.

An insufficient budget was the second-ranking frustration, third was the inability to employ enough cyber security professionals: more than 60% of companies struggle to recruit candidates with the necessary skills. In 2019 the proportion was 67%.

“Our research highlights a disturbing attitude that needs to be tackled head on – executive teams claiming that cyber security incidents are exaggerated,” said Aaron Bugal, global solutions engineer at the survey’s co-sponsor Sophos.

“It is confounding that this attitude prevails even when the end of 2020 showed us just how bad a global supply-chain attack could be,” referring to the Solar Winds and Accellion incidents.

The data also revealed almost 70% of Asia-Pacific organisations suffered a data breach in 2020, an increase of 36% from 2019.

Of the successful breaches, 24% of companies rated them as very serious and 31% as serious. Nearly 17% of organisations surveyed suffered 50 attacks per week.

While 69% of those surveyed agreed the outbreak of Covid-19 was the strongest catalyst for upgrading cyber security strategy and tools in the past 12 months, more than half of the organisations admitted they were unprepared for the security requirements for secure, remote working at the onset of the pandemic.

“Businesses have transformed their workplace environments, undergone an accelerated period of digitisation, yet continue to confront systemic cybersecurity issues, including executive apathy, low budgets and a lack of skilled cyber security professionals,” said Clark.

“Despite improvements made, progress remains slow, reinforcing our belief that cyber security is never finished and requires a constant focus, both from technological and cultural viewpoints.”

The Sophos-Tech Research Asia survey covered Australia, India, Japan, Malaysia, the Philippines and Singapore.

The report combined a quantitative survey of IT and cybersecurity executives from 900 companies, with discussion from virtual roundtables.

Register for free to receive the latest cyber security, data protection and privacy news and analysis straight to your inbox