One global survey examined various levels of cyber maturity and their impact on risk exposure and mitigation abilities.

In a March 2023 online survey of 825 IT and cybersecurity professionals (including 219 APAC-based respondents) at large enterprises in the US, the UK, Germany, France, Australia, Mexico, India, Brazil, Japan, and Saudi Arabia on the maturity of their cybersecurity practices, three key trends were gleaned from respondents.

Those in organizations with low-maturity cyber preparedness were more likely to be stuck in reactive mode. In the past 12–24 months, 56% of such respondents (versus 61% in respondents citing high-maturity cyber preparedness) cited they had preventively defended against cyberattacks, while the rest indicated they had reacted to attacks.

Respondents in organizations deemed as highly mature in cyber preparedness saw the value in data aggregation: 57% used aggregation tools to collect and analyze data to quantify risk exposure, compared with 46% of respondents deemed to be from organizations that had low cyber maturity.

Finally, 57% of respondents from organizations deemed to have high cyber preparedness indicated it took 11 hours or more to produce reports for business leaders, compared with 72% of respondents deemed to work in organizations with ‘low’ maturity.

The survey touched on the importance of a proactive rather than reactive approach to cybersecurity; fragmentation in the use of cybersecurity tools; and challenges arising not just from external threats but also from inherent issues within the organization’s own structure and operations.

According to Nigel Ng, Vice President (Asia Pacific and Japan), Tenable, which commissioned the survey: “Adopting preventive risk mitigation strategies is about bridging the gap between technical risks and business implications. It’s about gaining clarity on the lurking threats and understanding their potential impact on business operations, enabling a quicker and more targeted response.”

By learning from high-maturity organizations, embracing data aggregation, and cutting down on reactionary measures, APAC organizations can pivot towards a more preventive cybersecurity stance, reducing their risk profile substantially, Ng asserted.