Company Executives Lack Awareness Despite Rising Ransomware Incidents

2022-04-09

Sophos’ findings from its latest survey report reveal a lack of boardroom awareness of cybersecurity in Malaysia. There is also a broad assumption from executives that their company will never get attacked, despite rising ransomware incidences, impact and cost.

Cybersecurity Education Should Start at the Top

Despite cybersecurity expenditure and self-assessed maturity increasing in Asia Pacific and Japan (APJ) organisations over the past 12 months, the report found that in Malaysia only 29 per cent of companies surveyed believe their board truly understands cybersecurity. In addition, the top frustration expressed by cybersecurity professionals in Malaysia is that they can’t keep up with the pace of security threats.

Eighty-five per cent of Malaysian respondents also believe cybersecurity vendors do not provide them with the information they need to help educate executives, and 93 per cent of companies agree their biggest security challenge in the next 24 months will be the awareness and education of employees and leadership. The top two attack vectors of concern for local organisations are directly addressable by ongoing education and awareness campaigns: phishing or whaling attacks, and weak or malicious employees.

The issue isn’t technology, it’s education. Increasing spend on cybersecurity won’t help unless organisations understand from the top down the true nature and critical threat that cyberattacks constitute to their organisational capabilities, their customers and their own existence.
Aaron Bugal, global solutions engineer, APJ, at Sophos

Cybersecurity Professionals’ Top Frustrations

Cybersecurity is very important in Malaysia

The survey also highlights that cybersecurity professionals face a variety of challenges and frustrations in their roles, most of which are related to awareness, perception, messaging, and education. The top three frustrations in Malaysia are: