At least that is what a global cybersecurity firm’s business clients in the region were investing in when surveyed in 2022

In a 2022 survey comprising 3,230 interviews covering 26 countries across a firm’s own B2B clients, including key countries in South-east Asia, a growing demand for outsourcing specific and key cybersecurity functions has been discerned in the region.

According to the data, respondents in SEA were relying on their Managed Security Service Providers (MSSPs) for cybersecurity education, assessment, protection from high-volume attacks and modern cyber threats as well as advanced threat detection and resolution.

Some 48.3% of enterprises polled in the region were choosing to outsource security training, education and awareness functions to third parties such as MSSPs, with the perception that the human factor prominently figured in almost all known security breaches and that humans are the weakest link in the IT ecosystem.

Other respondents showed that their organizations were delegating cybersecurity assessment (58.8%) as well as protection against distributed denial of service or DDoS (44%), advanced persistent threats (39.7%) and Endpoint Detection and Response (42.5%) to MSSPs.

According to Yeo Siang Tiong, General Manager (South-east Asia), Kaspersky, which conducted the survey: “We believe cybersecurity remains a high priority investment area for most businesses in South-east Asia. On the heels of the pandemic, which caused massive business disruptions and dramatic digital transformation, this part of the world understands how it is greatly exposed to cybersecurity risks. The results of our survey shows that organizations in SEA are taking proactive measures to protect and fortify their people, digital assets, operations, and infrastructure.”

Yeo noted that organizations have always been exposed to serious, costly risks accruing to employee mistakes that were either intentional, careless or simply stemming from a lack of knowledge of security issues. As of 2020, the firm’s incident report data has showed an average data breach cost US$1.09m for a large  enterprise, and US$101,000 for small- and medium- sized enterprises.