‘IT security budget stagnant despite rise in cyber attacks’
Cyber attacks against Philippine organizations continued to rise both in “frequency and severity” last year, but it seems that decision makers continue to remain apathetic about it and choose to retain their budgets instead of increasing them for heightened cybersecurity.
This was one of the key findings of next-generation cybersecurity solutions provider Sophos in its latest survey report titled “The Future of Cybersecurity in Asia Pacific and Japan,” which showed that cyberattacks in the Philippines increased by 7 points to 31 percent in 2020 from 24 percent the year prior.
According to the report, despite the increase in cyberattacks, there is no expected increase in the median percentage of information technology
(IT) budgets that is spent on cybersecurity, which is at 10 percent today and expected to remain the same for the next 24 months.
The report noted however that 44 percent of Philippine businesses are concerned that their cybersecurity budget is currently below where it needs to be.
“Ultimately, security is about right-sizing the risk. If the risk increases, budgets should also increase. Yet, in this climate of uncertainty, we’ve seen organizations take a conservative approach to security spending, which is limiting their ability to stay ahead of cybercriminals,” Trevor Clarke, lead analyst and director at Tech Research Asia, said in a statement sent by Sophos.
Sophos Global Solutions Engineer Aaron Bugal noted that the top frustrations in the region “reflect boardroom indifference” as survey respondents believe that cyber threats are “overblown.”
“Our research highlights a disturbing attitude—executive teams claiming that cybersecurity incidents are exaggerated. It is confounding that this attitude prevailed even when the end of 2020 showed us just how bad a global supply-chain attack could be. If that weren’t enough, the more recent zero-day vulnerabilities in widely deployed email platforms would demonstrate the desperate need for unification in cyber resilience. Everybody needs to play their part as we all need to understand and mitigate the risk,” he said.
The report also found that there is a gap in cybersecurity skills in the
Philippines, as nearly 45 percent of Philippine businesses “have said that lack of cybersecurity skills is challenging for their organization.” This has resulted in 48 percent of surveyed organizations finding it hard to recruit skilled cybersecurity professionals.
The pandemic, according to the statement sent by Sophos, made companies realize the need to upgrade their strategies and tools in combating cyber threats.
“Covid-19 compelled companies to refresh their cybersecurity strategies, yet the transformational shift to remote working also exposed additional weaknesses. Businesses have transformed their workplace environments, undergone an accelerated digitization period, yet continue to confront systemic cybersecurity issues, including executive apathy, low budgets, and a lack of skilled cybersecurity professionals. Despite improvements made, progress remains slow, reinforcing our belief that cybersecurity is never ‘ finished ’ and requires a constant focus, both from technological and cultural viewpoints,” Clarke said.