Cybersecurity comes of age

Businesses are restrategising their cyber budgets to get more out of it, as they continue to adapt to customer demands that are growing in complexity. They are starting to consider a longer term strategic risk-based investment in security. But to do this successfully, they need to quantify cyber risks more granularly or richly (60% of respondents recognise this), to guide the decisions they make as a business.  

On one hand, cloud services is the next big switch for organisations. Yet for 70% of Malaysian respondents, cyber attacks on cloud services would likely occur in the next 12 months, 70% of which feel that the impact is expected to be significantly negative.

Ransomware attacks are also increasing, with 73% of respondents indicating that a ransomware breach would be likely to occur in the industry in the next 12 months. A proactive approach is key in identifying these threat vectors and assessing the likely security risks they may be vulnerable to. 

Organisations that are setting the trend for others in the market are investing in people, processes and technologies, and they are already benefiting from these practices. In the current landscape, these changes are taking place faster than they normally would.

A sizeable proportion of respondents foresee that their investments will pay off in better management of cybersecurity risks over the next two years. This includes prioritising increased collaboration between the cybersecurity team and the business side in delivering business outcomes, and  reducing the cost of cyber operations via automation, rationalisation and/or other solutions.

While Malaysian organisations have a growing appreciation of the role of the CISO, only 13% of the respondents say that their CISO (or cybersecurity leader) reports to the CEO. 40% of the respondents continue to have the CISO reporting to the CTO, CIO or Head of IT collectively.

A change in mindset will be important as savvy CISOs are in step with the vision and goals of their enterprise as a whole, not just IT. This is a role that will continue to evolve as organisations increasingly rely on the CISO to provide clearer leadership post-pandemic.

64% of Malaysian respondents expect an increase in the headcount of the cybersecurity team in the next 12 months. Among the skills that are highly sought after are data management (67%), security intelligence (also 67%), and data analysis (63%). These skills need to be balanced with soft skills and a growth mindset to succeed as a cybersecurity professional in today’s landscape.

Organisations need to encourage upskilling among their employees and promote from within, given the talent shortage in the market.