SINGAPORE (July 19): Asia Pacific companies may be loosening their purse strings on cyber security, but this may not necessarily yield the desired results, according to a new report by security company Palo Alto Networks. 

The State of Cyber Security in Asia-Pacific features survey data of over 500 industry professionals from five of the region’s key markets: Australia, China, Hong Kong, India and Singapore.

Based on its findings, the growth in cyber security budgets over the past two years have been most marked among organisations based in India (92%) and China (78%) – and much less so in Hong Kong (52%) and Australia (50%).

Singapore has been caught in the middle in this respect at 58%, although still below the regional average of 66.2%.

The city state is also among the second lowest after Australia (60%) to devote 5-15% of their total IT spend to cybersecurity at 66%, which is also lower than the regional average of 74%.

Sector-wise, the financial sector ramped up their cybersecurity budget most drastically on a year-to-year basis (72%), while 33% healthcare organisations in Asia Pacific saw it decrease on the contrary.

However, as pointed out by Palo Alto Networks, simply throwing money at a problem does not always yield results.

“Knowledge and expertise are vital components of any coherent cybersecurity response, especially in a world where threats move quickly and stealthily across borders”, writes the company in its white paper report issued on Wednesday.  

While Singapore (86%) comes in relatively close behind India (95%) and China (97%) in the ranking of surveyed organisations claiming to have a dedicated IT security team or department, the study’s findings also reveal that less than one-third of the city state’s organisations have been sharing threat information with other companies in their industries at 32%, more than 10 percentage points behind the regional average of 44%.

Although respondents in Singapore reported fewer incidents of data breaches in the current financial year compared to FY2015-16, 37% say they suffered losses of at least $140,000 due to data breaches.

Fear of being seen as a victim of a data breach could be one reason organisations are hesitant to share threat information with industry peers, says Palo Alto Networks, while the publicity that comes along with the failure to prevent a cyberattack appears to have a greater negative effect on an organisation’s reputation, going beyond financial impact.

Other than monetary damages, reputational damage ranked the highest (28%) on Singapore respondents’ concerns in the event of a data breach, with loss of confidential details (27 per cent) and company downtime (25 per cent) closely trailing behind.

“A mindset shift is imminent for local businesses and professionals as cyberattacks become increasingly common in Singapore and around the world. They need to move away from thinking in silos, both within the organisation and the industry,” says Sean Duca, vice president and regional chief security officer for Asia Pacific, Palo Alto Networks.

“Organisations will be better placed to mitigate internal and external threats by adopting a prevention-minded approach to cybersecurity.”