Asia Pacific Businesses Do Not Believe They Are Fully Prepared as Cybersecurity Incidents Continue to Rise

New Cloudflare study reveals that 78% of respondents experienced a cybersecurity incident in the past year; only 38% indicating they were highly prepared to defend against them

Sydney, August 24, 2023Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today released a new study focused on cybersecurity in Asia Pacific. The report, called “Securing the Future: Asia Pacific Cybersecurity Readiness Survey,” shares the latest data on cybersecurity preparedness in the region, revealing how organizations are coping with rising volumes of cybersecurity incidents, their levels of preparedness, and the outcomes experienced. These new findings report that the majority of organizations are not prepared to handle cybersecurity attacks, despite the fact that attacks are on the rise.

Organizations Face Rising Volumes of Cybersecurity Incidents

The study, which was conducted across over 4,000 cybersecurity decision makers and leaders across Australia, China, Hong Kong SAR, India, Indonesia, Japan, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam, found that 78% of respondents experienced at least one cybersecurity incident in the past 12 months. Of those who experienced a cybersecurity incident, 80% reported four or more incidents. And, 50% experienced 10 or more cybersecurity incidents, with 72% forecasting an increase in the next 12 months.

Majority of Organizations Not Prepared to Respond to Attacks, Millions in Losses and Fines

Despite the increasing frequency of cybersecurity incidents, only 38% consider themselves highly prepared, with those in Healthcare (16%), Education (13%), Government (10%), and Tourism (10%) reporting they are most likely unprepared to withstand an incident.

What’s more, about 63% of survey respondents reported that the financial impact of cybersecurity incidents on their organizations was at least US$1M over the past 12 months, with 14% suffering a loss of more than US$3M. Asia Pacific organizations were also concerned with regulatory action. 33% of respondents said their organization reported breaches to the relevant authorities, with 26% paying a fine, and the same number facing legal action.

The study also shows talent constraints are still prevalent in the region, with a lack of talent cited by 60% of respondents when discussing challenges to cybersecurity preparedness.

Businesses Contend with Different Forms of Online Attacks, While Trying to Secure a Hybrid Workforce

Survey respondents reported web attacks, phishing, Distributed Denial-of-Service (DDoS), insider threats, and stolen credentials as the cyberattacks they experienced in the past 12 months. Respondents also ranked planting spyware as the primary goal of cybercriminals, followed by financial gain, data exfiltration, and ransomware. Notably, the three most pressing challenges cybersecurity decision makers and leaders face are: securing a hybrid workforce (51%); defending against cyberattacks (48%); and deploying Zero Trust (42%).

More Products Do Not Mean More Protection

Most of the respondents surveyed currently have between six and 15 products in their cybersecurity architecture, while larger organizations have almost twice as many, with 20 or more. Juggling multiple solutions has somewhat negatively impacted effectiveness — hinting that organizations should be looking to simplify. In the study, only 39% of organizations with less than 15 solutions experienced 10 or more cybersecurity incidents. However, 73% of those with more than 15 solutions experienced the same. On the other hand, 80% of organizations with less than 15 solutions were able to resolve incidents in less than 12 hours, while only 65% of those with more than 15 solutions have done the same.

Most Organizations Expect to Increase Budget in the Next 12 Months

In the past 12 months, 53% of survey respondents spent between 11% and 20% of their organization’s entire IT budget on cybersecurity, while another 28% of respondents spent more than 20% of their total IT budget. Healthcare, Transportation, and Finance were the industries that spent the most on cybersecurity, while Education, Gaming, Government, and Manufacturing spent the least. When it comes to future plans, 67% of all respondents expect their cybersecurity budgets to increase in the next 12 months, while 22% expect to maintain their current spend.

“While preparedness is key, organizations continue to grapple with a cybersecurity landscape that’s more volatile and complex than ever. Simply increasing spend or adding more products isn't the answer for the best outcome either. It’s important to build a strong security culture that empowers business leaders to approach cybersecurity as a strategic imperative to every organization, including technological and cost consolidation, in order to get the double benefit of spending less while having a more robust and simpler-to-manage cybersecurity infrastructure,” said Jonathon Dixon, Vice-President and Managing Director, Asia Pacific, Japan and China at Cloudflare.

Today, some of Asia Pacific’s most sophisticated organizations turn to Cloudflare for their cybersecurity needs, including Envato, JCB, and Melbourne Airport. “We're a cloud-native company with a global workforce. Our staff needs to access key company resources from wherever they are in the world. Cloudflare was a really good fit — a secure, effective, and simpler approach than traditional access controls,” said Ross Simpson, Senior Principal Security Engineer at Envato.

To find out more about the APAC Cybersecurity Study, please check out:

Survey Methodology

This survey was conducted by Sandpiper Communications, on behalf of Cloudflare across a total of 4,009 cyber security decision-makers and leaders from small (150 to 999 employees), medium (1,000 to 2500 employees), and large (more than 2,500 employees) organizations. Respondents were drawn from a wide range of industries: Business & Professional Services; Construction & Real Estate; Education; Energy, Utilities & Natural Resources; Financial Services; Gaming; Government; Healthcare; IT & Technology; Manufacturing; Media & Telecoms; Retail; Transportation; Travel, Tourism & Hospitality. Respondents were based in 14 markets across Asia Pacific: Australia, China, Hong Kong SAR, India, Indonesia, Japan, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam (n=203 to 426 per country), and were surveyed online and recruited via general business panels. The survey was aimed at building a better understanding of the threat landscape facing Chief Information Security Officers (CISOs) and their teams across the vast and varied territories of Asia Pacific, and the actions driving positive results and outcomes. The survey was conducted in July 2023.

About Cloudflare

Cloudflare, Inc. ( / @cloudflare) is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was awarded by Reuters Events for Global Responsible Business in 2020, named to Fast Company's Most Innovative Companies in 2021, and ranked among Newsweek's Top 100 Most Loved Workplaces in 2022.

Forward-Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding Cloudflare’s plans and objectives, Cloudflare’s global network, and Cloudflare’s products and technology, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s Vice President and Managing Director, Asia Pacific, Japan, and China, and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on August 3, 2023, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

© 2023 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.

Daniella Vallurupalli
+1 650-741-3104