Tenable Study Finds 74% of Japanese Organisations Seek More Resources for Proactive Cyber Defence

Tenable®, Inc., the Exposure Management company, published a new study revealing that 74% of Japanese respondents believe their organisations could better defend against cyberattacks with more resources dedicated to preventive cybersecurity. However, a concerning 68% indicated that their cybersecurity teams spend the majority of their time addressing critical incidents, hindering them from taking a proactive stance.

The study further revealed that over the past two years, Japanese organisations successfully thwarted 63% of cyberattacks. However, this meant they were left vulnerable to the remaining 37%, causing them to resort to reactive measures rather than preventing the attacks from the outset.

The data is drawn from, “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in Japan,” a commissioned study of 825 IT and cybersecurity professionals including 50 Japanese respondents conducted in 2023 by Forrester Consulting on behalf of Tenable.

The study, which emphasises the significance of adopting a proactive cybersecurity approach, found that a core reason for the prevalent reactivity in Japanese organisations’ cybersecurity practices is the lack of alignment in goals between IT and security teams. Seven in 10 (72%) organisations say their IT teams are more concerned with uptime than patching/remediation. The disparity results in a lack of coordination between the two teams, a challenge acknowledged by 42% of Japanese organisations.

Japanese organisations were also struggling to identify the right threats to remediate, with only 22% of respondents reporting they were “extremely confident” that their organisation’s cybersecurity practices were successfully reducing their risk exposure. An even lower 10% were “extremely confident” that the vulnerabilities they prioritised for remediation over the past year posed the greatest threats to the organisation.

“Siloed cybersecurity tools, and by extension, the teams behind them, are inadvertently preventing organisations from having a clear, continuous, and comprehensive view of their cyber risk,” said Naoya Kishima, Country Manager at Tenable Japan. “Internal mindsets further complicate matters, and make collaboration between IT and security teams challenging.”

The use of numerous third-party technologies without established processes poses a significant vulnerability for Japanese organizations. A striking 72% of respondents utilise third-party programs for SaaS apps and services, but fewer than half (46%) possess high to very high visibility into third-party environments.

Naoya noted, “While there are no quick fixes to these challenges when we look at key differences between low-maturity and high-maturity organisations across the overall sample, some themes begin to emerge that can serve as a guide for organisations looking to reduce their risk.”

• Low-maturity organisations are more likely to be stuck in reactive mode. In the past 12-24 months, high-maturity organisations preventively defended against 61% of the attacks they experienced and reactively mitigated against the rest. In low-maturity organisations, 56% of attacks were preventively defended while 44% were reactively mitigated. 
• High-maturity organisations see the value in data aggregation: 57% use aggregation tools to collect and analyse data to quantify risk exposure, compared with only 46% of low-maturity organisations. 
• High-maturity organisations spend far less time each month producing reports for business leaders than their low-maturity counterparts: 57% of high-maturity organisations say it takes 11 hours or more to produce such reports, compared with 72% of low-maturity organisations. 
  
   

-ENDS-

To read the full study, visit here. 

Note to Editors:

• Forrester Consulting conducted an online survey of 825 IT and cybersecurity professionals including 50 Japanese respondents at large enterprises in the US, the UK, Germany, France, Australia, Mexico, India, Brazil, Japan, and Saudi Arabia. The study was fielded in March 2023.
  
   
• Maturity Modelling: Respondents were scored based on their answers to questions measuring different aspects of their maturity: their use of preventive security tools, how they prioritise resources to reduce threat exposure, and the degree of visibility and collaboration within their organisation. Forrester scored those in the bottom 20% as low maturity, the middle 60% as medium maturity, and the top 20% as high maturity.

About Tenable
Tenable® is the Exposure Management company. Approximately 43,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 60 percent of the Fortune 500, approximately 40 percent of the Global 2000, and large government agencies. Learn more at tenable.com.

###

Media Contact:
[email protected]