SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
Story image
APAC retail sector hardest hit by cyberattacks due to insufficient funding
Mon, 11th Dec 2023

In a recent study from cybersecurity firm Kaspersky, the retail industry in the Asia Pacific (APAC) has experienced the highest number of successful cyberattacks in the past 24 months. The study highlights that 19% of APAC companies have suffered cyber incidents due to inadequate cybersecurity investment in the last two years. Almost one in five of these businesses confess they lack the budget required to implement sufficient cybersecurity measures. While retail has borne the brunt of these incidents, various industries, including telecommunications, critical infrastructure, and the energy sector, are similarly affected.

Retail organisations have suffered the most from these cyberincidents, experiencing 37% of breaches due to budget limitations, followed by telecommunications companies (33%), and those within the critical infrastructure, energy, oil and gas sector (23%). Adrian Hia, Managing Director for Asia Pacific at Kaspersky, commented, "E-commerce is expected to be a 2.05 trillion USD market in Asia Pacific towards the end of 2023. Retail being the industry which suffered the most cyber incidents here makes sense as cybercriminals follow the money trail. These companies are part of the greater digitalization movement in the region and hold treasure troves of data, specifically financial ones."

Insufficient budget allocation for cybersecurity is a significant factor behind Asian companies falling prey to cyber incidents. Companies must prioritise their cybersecurity budgets and align them with their business strategy, says Kaspersky VP, Corporate Products, Ivan Vassunov. "Our recent study proves that threat actors know which company to target. They know the data they want and where to get them. I encourage all industries in APAC, especially those that handle critical information, to allot better cybersecurity budget to ensure the safety of their businesses, and most importantly, of their customers' sensitive data," added Hia.

Interestingly, the majority (83%) of respondents from APAC claim they are equipped to keep up with or even stay ahead of new threats. However, 16% of companies are not faring as well, with 15% reporting they lack sufficient funds to adequately protect their company's infrastructure. Furthermore, 2% conceded they have no dedicated budget for cyber protection needs at all. Among the industries, financial services are leading the way in budget allocations for cybersecurity, with 100% of respondents in this field claiming their organisations are ready for any new threats.

Most businesses agreed that steps to strengthen their cybersecurity over the next 1-1.5 years are a priority. Threat detection software and training are among the top areas of investment, with half of the companies planning to allocate budgets for educational programs for cybersecurity professionals and 46% for training for general staff. Other popular measures include introducing endpoint protection software, hiring additional IT professionals, and adopting SaaS cloud solutions.