As of 2024, the cybersecurity landscape in Asia is characterised by rapid digital transformation, increasing regulatory scrutiny, and evolving threat landscapes. Here are some key aspects shaping this environment:
Increased cyber threats: Asia has seen a surge in sophisticated cyber threats, including ransomware attacks, phishing, and nation-state cyber activities. The rise of cybercriminal organisations has led to more targeted and advanced attacks on both private and public sectors.
Regulatory developments: Governments across Asia are implementing stricter cybersecurity regulations and standards. Initiatives like the Personal Data Protection Act (PDPA) in Singapore and various cybersecurity frameworks in countries like India and Japan are pushing organisations to adopt better security practices.
Cybersecurity investment strategies: Organisations are increasingly investing in advanced security technologies, including artificial intelligence (AI) and machine learning (ML), to enhance threat detection and response capabilities. There is also a notable rise in Managed Security Service Providers (MSSPs) to handle complex security needs.
Talent shortage: The region continues to face a significant shortage of cybersecurity professionals, making it challenging for organisations to build and maintain effective security teams.
Long-term business benefits of a robust cybersecurity posture
Kumar Avijit, vice president at the Everest Group, says cybersecurity has a dual mandate, which has intertwined forces leading to the holistic security of enterprises. In the chart below we see the established market as “security for operational resilience” and obscure market as “security for growth”.
Source: Everest Group 2024
He posits that leading with a security to growth mindset helps organisations accelerate their digital transformation efforts. They become more attractive to talent who want are looking to align with like-minded brands.
“Thus, investing significantly with the above two mindsets helps to achieve multiple benefits. I would say brand building and continuous topline growth as long-term benefits arising from switching onto a security for growth mindset,” he further adds.
Role of regulation
When asked about the role of compliance in justifying cybersecurity spending, he comments that compliance and regulations are helping CISOs accelerate investment in cybersecurity. He recalls that in the past regulated industries such as BFSI, HLS, and Public sector, which constitute greater than 40% of the cybersecurity market, were primarily consuming security as it was compliance led and they continue to do that now.
“Interestingly, CISOs now are ensuring security gaps to be included as part of audit finding and presented to the board for ensuring security spending or driving up security spend. As CISOs would get funds to fix the security gaps,” he ponders.
Quantifying ROI
While Boards continue to endorse the importance of cybersecurity as a staple of business-as-usual, calls for quantifiable ROI will continue to ask of CISOs. Avijit says “The ROI question has always been around for CISOs/CIOs on their cybersecurity investment, but the regular breach cost, ransomware payout, and publicly available figures from loss of business due to security misdoings has shifted priority for enterprises.”
He suggests that for CISOs to tap into the growth mindset, they should start thinking about security for growth and look into the business benefits.
Can cybersecurity investments support broader business objectives
Kumar Avijit
Avijit says that enterprises need to shift their mindset from “security to protect” to “security to grow”. “As they adopt the security for growth mindset, which can be across four organisation objectives, including strategy enablement, productivity, topline growth and brand building,” he continues.
“Driving security investment aligned to these organisation objectives can help enterprises meet their security needs and also help in meeting business needs through security.” Kumar Avijit
Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.
Previous Roles
He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role.
He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications.
He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer.
He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific.
He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific.
He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
