CIO

Asia Pacific CISOs see rising budgets but face more volatile and complex environment: Forrester

Their strategic priorities indicate they are just starting to transform their cybersecurity capabilities

Jinan Budge, Forrester

CISOs and security and risk leaders in Asia Pacific will see budget increases this year. 

But they also have to contend with a shaky economic outlook, a geopolitically complex threat landscape and further regulatory scrutiny, reports Forrester.

In the report Security Budgets In Asia Pacific, 2019, Forrester analyst Jinan Budge notes that the past year saw a number of high-profile breaches in the region.

These include the SingHealth data breach, which affected the records of 1.5 million patients, and Australian firms reporting more than 800 data breaches under the new Notifiable Data Breaches Scheme.

Moreover, reports indicate that over a quarter of the global total of compromised records were from the region.

Security decision makers say the complexity of the IT environment and the changing nature of threats are among their biggest challenges.  

The economies in the region are also showing signs of slowing down.

Forrester’s latest survey among security technology decision-makers in the region shows that nearly half (47 per cent) of security leaders expect their budgets to increase this year, but only 11 per cent expect the increases to be over 10 per cent.

Regional economic uncertainty, in particular due to the US-China trade war, has made increases even less likely, notes Budge.

Forrester says respondents to the survey are security leaders in enterprises with 1000 or more employees. 

The strategic priorities of the security leaders in the Asia Pacific region indicate they are just starting to transform their cybersecurity capabilities. 

In addition to cloud security, their strategic priorities include having a formal technology risk management framework, tying cybersecurity risk to enterprise risk, and rolling out effective security training and awareness.

Forrester says that while it is refreshing to see plans for non-technical and strategic initiatives, this is also cause for concern.

“It indicates that organisations in the region are still not able to strategically prioritise projects in their security programmes,” notes Budge.

The survey finds that about 38 per cent of security budgets in the region will be for buying, upgrading and maintaining on-premise technologies. Only 12 per cent will be spent on staffing. 

A key challenge, she notes, is that security is still seen mainly as an IT issue. 

Forrester says 55 per cent of security leaders say that spending decisions are made mostly or only by IT.  

Meanwhile, 39 per cent say that their senior-most security decision maker reports to the CIO, while 28 per cent say they report to IT operations.

Forrester further calls on CISOs to invest their time in developing their leadership skills and “evolve into savvy business executives”.

“Invest in your own personal development so you can lead through change,” advises Budge. “Communicate security up, down, across, and outside of your organisation.”

Security leaders must also master strategic planning, she writes.

“Learn and speak the language and nuances of business, finance and commercial - at all levels of the organisation.”