Released in April 2022 by the IDC, The Asia/Pacific (Excluding Japan) Security and Trust Study 2022 examines how security technology buyers in the region are addressing their cybersecurity concerns. Notably, the study found that although CEOs in the Asia Pacific region (excluding Japan) have become more actively engaged in cybersecurity interactions, the complexity of cyber threats and challenges continues to inhibit the effectiveness of existing approaches to address cybersecurity concerns.
The IDC study provides an in-depth analysis into companies’ perception of cybersecurity threats, and their responses to these perceived threats, at a people, process, and technology level. According to the IDC’s research, 69% of CEOs were found to be engaged in either weekly (37.2%) or bi-weekly (31.5%) cybersecurity interactions. Security technology buyers’ concerns about protecting their identity, cloud, and data, top their technology investment intentions. There has been a closer focus on cyber processes and personnel which had previously been lacking. Notably, the study also found that the proliferation and accessibility of resources and vendors in the cybersecurity market also aids buyers of security technology in addressing their security concerns.
However, key findings from the IDC report highlight that the complexity of IT systems, and evolving regulations, continue to be major challenges for IT security professionals. These challenges cannot be overcome unless infrastructural issues associated with current measures on processes and people, and problems such as ill-defined roles and responsibilities, are addressed.
Simon Piff, Vice President of Trust and Security Research, IDC Asia/Pacific, notes that most security technology acquisitions’ reactions to perceived cybersecurity threats are not a new development. A more “strategic and holistic approach” would be required to address the “myriad of threats and challenges, whilst moving to simplify the technology stack and its integrations.”
For instance, the study found that security technology buyers tended to devote more attention to risk management, KPIs, and development of processes. However, important technologies – such as AI/analytics, security automation, and cybersecurity infrastructure modernization – tend to be overlooked, and remain low on companies’ investment agenda.
Hence, the IDC study aims to be a better guide for technology vendors to align their messaging with the security needs of the security decision-making units, within target markets, by looking into:
- Perceived Threats;
- Risk Management Processes;
- Planned Investment Areas; and
- Overall Understanding and Attitude Towards the Concept of Trust
The IDC study provides useful insights into the decision-making processes and considerations of CEOs and security technology buyers in the Asia-Pacific region. Its recommendations for a more holistic integration of technology, processes, and people, within companies’ existing approaches to address their cybersecurity concerns, are especially crucial given the increasingly-complicated nature of the cybersecurity threat.