Here is a small survey that poses big questions on how budgetary and human-resources concerns can impact organizations’ cyber postures

In a late-2023 survey of 1,260 IT & IT security engineers (managerial levels and above) in 19 countries* on the human factor in cybersecurity, various trends were noted among the respondents in the region  (234 in total) and its industries, and beyond.
In terms of whether cybersecurity investments had been deem sufficient or not, 19% of APAC respondents had cited experiencing cyber incidents due to insufficient cybersecurity investment in the two years before the survey.

When respondents were questioned about their organizations’ finances, 16% cited that the latter did not “have the budget for adequate cybersecurity measures”.

In terms of “distribution of (the corporate) budget for cybersecurity” 19% of APAC respondents cited disparities that had led them to “endure cyber incidents in the last two years”.

Other findings

Among APAC respondents, 100% of those in the financial services cited that their organizations were set to keep up with and stay ahead of all new threats. Other trends include:


  • The retail respondents (37%) reported the greatest number of cyber breaches, blaming the lack of budget. Meanwhile, some industries showed a smaller number of cyber incidents: 11% of manufacturing respondents reported suffering cyber incidents due to budget constraints, while 9% of transport & logistics saw cyber incidents.
  • The next highest reports of cyber incidents came from telecommunication respondents (33%) and those from the critical infrastructure, energy, oil and gas sector (23%).
  • 83% of APAC respondents cited being equipped to keep up with or even stay ahead of new threats, while 15% cited not having sufficient funds to protect their organization’s infrastructure properly.
  • 2% of all respondents claimed they were not granted a dedicated budget for cyber protection needs.
  • 18% of all respondents cited a skills shortage in cybersecurity as the cause of incidents in their organizations, with 75% of all respondents regarding the shortage of skilled staff as a serious problem.
  • One of the most popular areas of investment was threat detection software (46%), and training, where 50% of all respondents cited plans to allocate budgets for educational programs for cybersecurity professionals and 46% for training general staff. Other popular measures cited by respondents were introducing endpoint protection software (42%), hiring additional IT professionals (37%) and adopting SaaS cloud solutions (45%).

    • Commented Adrian Hia, Managing Director (Asia Pacific), Kaspersky, the firm commissioning the survey:  “Retail being the industry which suffered most cyber incidents here makes sense as cybercriminals follow the money trail. These companies are part of the greater digitalization movement in the region and hold treasure troves of data, specifically financial ones… Threat actors know which company to target. They know the data they want and where to get them. I encourage all industries in APAC, especially those that handle critical information, to allot better cybersecurity budget to ensure the safety of their businesses, and most importantly, of their customers’ sensitive data.”

    The firm reiterated that returns on investments in cybersecurity can include the following metrics to justify greater budgetary allocations from their Board of Directors:


  • improvements in Mean Time to Detection
  • improvements in Mean Time to Response
  • reduced potential monetary impact of any prevented or controlled cyber incident statistics
  • other relevant metrics from publicized global cyber incident statistics

    • * Brazil, Chile, China, Colombia, France, Germany, India, Indonesia, Japan, Kazakhstan, Mexico, Russia, Saudi Arabia, South Africa, Spain, Turkey, UAE, UK and USA and in small- and medium-sized firms with 100+ employees, or enterprises with more than 1,000 employees. APAC respondents comprised 234 respondents.