Challenges hampering the cybersecurity function
Chief Information Security Officers (CISOs) are grappling with a confluence of challenges and three stand out: inadequate budgets, strained relationships with the business and regulatory complexity.
The cybersecurity function today tends to be severely underfunded. Despite the growing threat of cyber attacks, the cyber spend of Asia-Pacific businesses is only 0.05% of their annual revenue, according to the GISS. Respondents also said that cybersecurity expenses are not factored adequately into the cost of strategic investments like IT supply chain transformation.
Such cost-cutting has severe implications. The GISS revealed that 41% of businesses in the Asia-Pacific region expect to suffer a major breach that could be averted with better investment. Budget restrictions will also compel CISOs to make difficult decisions to wind down some strategic activities that were initiated before the COVID-19 crisis.
Perhaps even more worrying is cybersecurity’s relationships with the rest of the business. Seventy-one percent of Asia-Pacific cybersecurity leaders describe their relationships with business owners as being neutral or negative, while over 4 in 10 (44%) say their dealings with the marketing and HR functions are poor.
Of concern is how cybersecurity is being left out of vital conversations. Almost 80% of respondents in the GISS said cybersecurity teams are not always consulted or briefed in a timely manner until after the planning stage has finished. This suggests that other business functions do not always perceive cybersecurity as a strategic partner. When the CISO’s relationship with the business is under strain, the fallout is greater exposure to cyber risks.
Compounding the pressures for cybersecurity functions is regulatory fragmentation as the global compliance environment becomes more complex. Respondents in the GISS foresee that regulations will become more heterogeneous in the coming years, with compliance likely to be the most stressful part of their job.