RSA research shows 74% of APJ organisations face significant risk of cyber incidents


Overreliance on perimeter-based defence creates more opportunities for attackers using advanced threats

RSA_LogoRSA, The Security Division of EMC, has announced the results of research that demonstrates organisations in Asia Pacific and Japan (APJ) investing in detection and response technologies are better poised to defend against today’s advanced threats, in comparison to those primarily utilising perimeter-based solutions. The results of the second annual RSA Cybersecurity Poverty Index found that 74 per cent of survey respondents in the APJ region face a significant risk of cyber incidents – closely aligned to the global average of 75 per cent.

More than 200 respondents from the APJ region participated in the 2016 RSA Cybersecurity Poverty Index. The survey gave participants the chance to self-assess the maturity of their cybersecurity programs by leveraging the NIST Cybersecurity Framework (CSF) as the measuring stick. The findings showed that organisations continue to struggle with their ability to take proactive steps to improve their cybersecurity and risk posture. In fact, 70 per cent of APJ-based respondents had experienced cyber incidents that negatively impacted their business operations in the past year. Not surprisingly, only 23 per cent of those organisations considered their cybersecurity strategy mature. The results also showed that organisations often delay investing in cybersecurity until they’ve undergone a major incident – typically one that impacts critical business assets. The inability of organisations to quantify their Cyber Risk Appetite (the risks they face and the potential impacts on their organisations) makes it difficult to prioritise mitigation and investment, a foundational activity for any organisation looking to improve their security and risk posture.

The strongest reported maturity levels were in the area of Protection. However, perimeter-based defence solutions are proving to be increasingly ineffective over time as cyber threats become more advanced. The categories of Response and Detection were ranked least mature in the region. Organisations must focus on executing preventative strategies and improving capabilities that offer complete visibility to detect and respond to advanced threats before they can impact the business.

The results of the RSA Cybersecurity Poverty Index also revealed the urgency for smaller organisations in the APJ region to improve their cybersecurity strategies to better defend themselves against today’s advanced threats. 85 per cent of organisations surveyed with less than 1,000 employees reported to be not well prepared for today’s threats versus 61 per cent of mid-sized organisations (between 1,000-10,000 employees) and 65 per cent of large organisations (10,000+ employees) reported not being as well prepared. This wide gap in defence capabilities between large and small organisations points to a potential risk of smaller organisations becoming prime targets for threats in today’s digital landscape.

To assess cybersecurity maturity, respondents self-assessed their capabilities against the CSF, which designed to provide guidance based on existing standards, guidelines and practices for reducing cyber risks, and was created through collaboration between industry and government. While the CSF was initially developed in the United States with the aim of helping to reduce cyber risks to critical infrastructure, organisations worldwide have found it to be a prioritised, flexible, repeatable and cost-effective approach for managing cyber risk. Thus, it serves as an excellent baseline to assess any organisation’s core cybersecurity and cyber risk management capabilities.

Organisations rated their own capabilities in the five key functions outlined by the CSF: Identify, Protect, Detect, Respond, and Recover. Ratings used a 5-point scale, with 1 signifying that the organisation had no capability in a given area, and 5 indicating that it had highly mature practices in the area.

EXECUTIVE QUOTE: Nigel Ng, Vice President, APJ, RSA, The Security Division of EMC

“The results of this research provide insight into how the APJ region can improve its overall cybersecurity maturity. Over the next few years, we are bound to face more vulnerabilities as technology and internet penetration in the region is set to grow in parallel alongside sophisticated cyber threats. Especially so in Southeast Asia, which is now the world’s fastest-growing internet region globally, where the internet user base is expected to double to 480 million by 2020. So it is more important than ever for organisations of all sizes to acknowledge weaknesses, review their cybersecurity strategies and move beyond conventional approaches – like perimeter-based protection — when thinking about security.”


RSA provides more than 30,000 customers around the world with the essential security capabilities to protect their most valuable assets from cyber threats.  With RSA’s award-winning products, organisations effectively detect, investigate, and respond to advanced attacks; confirm and manage identities; and ultimately, reduce IP theft, fraud, and cybercrime. For more information, go to