Tenable Study Finds that APAC Organisations Cannot Prevent 4 out of 10 Cyberattacks

Tenable®, Inc., the Exposure Management company, today revealed that Asia Pacific (APAC) organisations could not prevent 41% of cyberattacks on their businesses, only successfully stopping 59% of cyberattacks over the past two years. Consequently, organisations have had to rely on reactive measures rather than preventing attacks from occurring in the first place. 

The study further revealed that 76% of APAC respondents believe their organisation could better combat cyberattacks with more resources dedicated to preventive cybersecurity. However, a concerning 61% indicated that their cybersecurity teams spend the majority of their time addressing immediate threats, hindering them from adopting a proactive stance. 

The data is drawn from the APAC edition of Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity. The report was drafted based on a survey of 825 cybersecurity and IT leaders globally including 219 in APAC in 2023, conducted by Forrester Consulting on behalf of Tenable.

The study underscores the importance of a proactive rather than reactive approach to cybersecurity and emphasises how fragmented cybersecurity tools obstruct organisations from consistently and accurately assessing their cyber risks. Furthermore, the findings indicate that significant challenges arise not just from external threats, but also from inherent issues within the organisation's own structure and operations.

APAC organisations were also struggling to identify the right threats to remediate, with only 20% of respondents reporting they are “extremely confident” that their organisation’s cybersecurity practices were successfully reducing their risk exposure. An even lower 15% were “extremely confident” that the vulnerabilities they prioritised for remediation over the past year were ones that posed the greatest threats to the organisation.

Nigel Ng, Vice President, Asia Pacific and Japan, Tenable, said, “In today’s digital landscape, preventive cybersecurity isn't a luxury, it's a necessity. The old-school reactive measures are akin to putting a band-aid on a gaping wound. Our study underscores the urgent need for APAC organisations to bolster their preventive measures to staunch the bleeding before it begins. Adopting preventive risk mitigation strategies is about bridging the gap between technical risks and business implications. It’s about gaining clarity on the lurking threats and understanding their potential impact on business operations, enabling a quicker and more targeted response.” 

Ng noted, “While there are no quick fixes to the challenges firms are facing, examining the disparity between low-maturity and high-maturity organisations across the overall sample shines a light on the roadmap towards enhanced cybersecurity. By learning from high-maturity organisations, embracing data aggregation, and cutting down on reactionary measures, APAC organisations can pivot towards a more preventive cybersecurity stance, reducing their risk profile substantially.”

• Low-maturity organisations globally are more likely to be stuck in reactive mode. In the past 12-24 months, high-maturity organisations preventively defended against 61% of the attacks they experienced and reactively mitigated against the rest. In low-maturity organisations, 56% of attacks were preventively defended while 44% were reactively mitigated. 

• High-maturity organisations globally see the value in data aggregation: 57% use aggregation tools to collect and analyse data to quantify risk exposure, compared with only 46% of low-maturity organisations. 

• High-maturity organisations globally spend far less time each month producing reports for business leaders than their low-maturity counterparts: 57% of high-maturity organisations say it takes 11 hours or more to produce such reports, compared with 72% of low-maturity organisations. 
  
  

-ENDS-

To read the full study, visit: here

Note to Editors:

• Forrester Consulting conducted an online survey of 825 IT and cybersecurity professionals including 219 APAC-based respondents at large enterprises in the US, the UK, Germany, France, Australia, Mexico, India, Brazil, Japan, and Saudi Arabia. The study was fielded in March 2023.
  
  

• Maturity Modelling: Respondents were scored based on their answers to questions measuring different aspects of their maturity: their use of preventive security tools, how they prioritise resources to reduce threat exposure, and the degree of visibility and collaboration within their organisation. Forrester scored those in the bottom 20% as low maturity, the middle 60% as medium maturity, and the top 20% as high maturity.

About Tenable
Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.

### 

Media Contact:
Tenable PR
[email protected]