In a survey of 900 respondents from six ASEAN markets, misalignments of cyber resilience expectations pointed to poorer data readiness sentiments

Based on a Dec 2023/Jan 2024 quantitative market research survey involving 900 respondents* who were CIO/CISO, IT Leader, IT decision makers and direct reports, on their organizations’ state of data readiness and cyber resilience, some findings were announced.

First, 71% of respondents cited having experienced at least one cyberattack in the past year of the survey. Those in Singapore, Thailand, and Vietnam had experienced the majority of attacks on data environments, including production, secondary, and backups, while attacks on production data only was  highest in respondents from Singapore, Malaysia, and Vietnam. Of respondents that had experienced any cyberattack, 35% indicated having successfully recovered 100% of their data. Some 47% indicated retrieving 60% of their data, while 17% retrieved about 30% of their data.

Second, respondents who were business leaders had misaligned expectations with those who were in the IT teams: 24% of those who were business leaders indicated expecting an outage of “one day or less” as “tolerable”, while 79% expected the organization to have data access restored and be back in business by the fifth day. However, respondents in the IT teams indicated the average time it took to recover from a breach was between four and five weeks.

Other findings

Some 91% of respondents indicated struggling with managing “dark data”, which is defined as the information assets organizations collect, process and store during regular business activities, but are generally not used for other purposes, such as analytics. Also:

    • 7% of the 900 respondents in the six markets surveyed believed they had proactive, mature capabilities in terms of cyber resilience
    • 85% of the respondents indicated they had a response plan in place if attacked. Of these, 26% said indicated having a “clearly understood response and communication plan in place” while 22% indicated their incident response capability was weak, “very unorganized,” and “(they) scramble to respond”.
    • Four key areas identified by respondents for improving cyber resilience maturity were data immutability; adoption of AI; data clean rooms ; adoption of AI; use of data clean rooms and external partners to enhance cyber skills and response capabilities.

According to Michel Borst, Area Vice President, Commvault, the firm that commissioned the survey, they were serious gaps in respondents’ organizations’ level of maturity in cyber resilience (as compared to merely maintaining cybersecurity), and “their ability to recover all data, and the speed by which they can resume operations as the business requires.”

*150 each from firms selected in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam, employing between 100 and 199 or more-than-200 employees