Data from a survey of 334 cyber professionals and executives from seven countries in the region suggests a link …

Based on a March 2024 international* survey of 1,176 executives^ and professionals on their organization’s cybersecurity and security communication strategies, some salient trends were discerned from the data.

First, of the 334 respondents deemed to represent APAC, 85% rated their organization’s cybersecurity defense as “good” or “excellent” while 46% indicated facing “customer confidence issues” that had prompted “over 9 in 10”of them to adjust their cybersecurity strategy. Of the respondents whose organizations had lost deals due to customer confidence issues, 72% indicated that this had happened in the last 18 months.

Second, 98% of respondents representing the entire APAC region had indicated they had changed their company security strategy in the last 12 months, citing AI utilization (77%) for threat management and new security solutions as the primary driver for change. Other reasons indicated included “changing regulations or compliance requirements” (66%), “new attack types” (58%), and “budget changes” (48%).

Other findings

Third, 80% of respondents representing APAC (96% in Japan) indicated that cybersecurity leaders and CEOs should ultimately bear the responsibility for protecting against and responding to cyber incidents. APAC respondents also showed the following trends:

  • 90% indicated they possessed the right tools to “easily communicate the current security status to key stakeholders across teams” — higher than the global average of 81%. Specifically, 59% of respondents representing APAC indicated facing difficulties in conveying the importance of particular security measures to non-technical executives.
  • 61% agreed to prompts that their “non-security executives understand the company’s regulatory obligations”, alluding to possible communication barriers regarding the value of investments in cybersecurity that could impact their organization’s readiness and response capabilities.
  • 84% of respondents indicated noting an increase in their organization’s cybersecurity budget —higher than the global average of 76%. Furthermore, 84% expressed confidence in having the necessary resources — such as tools, personnel, expertise, and budget — to safeguard their organization from cyberattacks.
  • Respondents in the region indicated that, when submitting cybersecurity reports, they focused on critical data like breaches (75%), incidents (68%), and security risks (67%). Other related operational metrics such as time to detect (57%), time to respond (63%), and time to recover (47%) had less exposure.
  • In terms of communication strategies linked to cybersecurity information reporting, manual and time-intensive approaches were still in use, including static reports (84%), meetings (76%), and emails (67%).

According to Andrew Hollister, Chief Information Security Officer, LogRhythm, the firm that commissioned the survey: “The evolving role of cybersecurity leadership reflects a fundamental shift in how organizations view and manage cyber risk. Today’s threat environment demands a collaborative approach, with senior executives working hand-in-hand with security professionals to understand the risks, make well-informed, strategic decisions, and allocate the necessary resources to safeguard the organization and its clients.”

*across North America, Europe, the Middle East, Africa, and parts of the Asia Pacific region (totaling 334 respondents from Australia, India, Indonesia, Japan, Malaysia, Singapore and New Zealand).

^57% were holding Managers to Directors appointments; 31% holding VP/GM/C-level/CISO titles; 12% were “team members”: analysts, administrators, etc