Cybersecurity leads boardroom agendas among ASEAN organizations in light of pandemic-induced shifts

New research from Palo Alto Networks reveals more than half of Philippine organizations conduct high-level cybersecurity discussions monthly

Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today unveiled new research which found ASEAN business leaders prioritizing cybersecurity issues at the board level, as a result of the disruptions brought about by COVID-19. The State of Cybersecurity in ASEAN study surveyed 500 respondents representing businesses across the Philippines, Singapore, Malaysia, Indonesia, and Thailand on their response to the cybersecurity challenges in 2021 and outlook for the future.

Cybersecurity becomes a top business priority

Against the pandemic backdrop, cybersecurity has risen to the top of the leadership agenda for many ASEAN businesses – a vast majority (92%) believe that cybersecurity is a priority for their business leaders today. Nearly three in four (74%) also believe their leadership has increased the focus on cybersecurity. More than half (56%) of Philippine organizations indicated that they have been discussing their cybersecurity strategy on a monthly basis.

Leaders also took concrete actions to beef up their organization’s cybersecurity capabilities, as 96 percent of organizations maintain a dedicated in-house IT team responsible for managing cyber risks. Over two-thirds (68%) are also planning to increase their cybersecurity budgets in 2022, driven by the adoption of next-gen security capabilities (48%); the need to address existing cybersecurity gaps (46%); and the need to optimize operations (44%).

“The pandemic has served as a catalyst for ASEAN business leaders to pay greater attention to their cybersecurity defense measures. Many of them recognize the deep impact it can have on their business continuity. To manage today’s remote workforce in a digital-first environment, cybersecurity must be integrated horizontally across all facets of the business and considered as part of every corporate action,” said Ian Lim, field chief security officer, Palo Alto Networks,  “As new and unexpected threats continue to shake up businesses of all sizes and industries, there needs to be closer collaboration between both technology and business leaders to tackle these novel challenges.”

Philippine organizations perceive the highest level of risks to cyber threats (48%) among ASEAN countries. It is, therefore, unsurprising that 64 percent of Philippine organizations indicate that they have increased their budget for cybersecurity in 2022.

“It’s encouraging to see that Philippine businesses are confident and proactive in dealing with cybersecurity issues. According to the survey, the Philippines is the second-highest country in the ASEAN where the business leaders are confident of their cybersecurity measures and this speaks volumes about our nation’s awareness as well as preparedness to potential cyberattacks. Having said that, Philippine organizations should continue to focus on post-covid cyber protection in order to stay ahead of the evolving cyber threats,” said Oscar Visaya, country manager, the Philippines, Palo Alto Networks.

Shift towards remote work brings on new cybersecurity challenges

With demand for remote access by employees working from anywhere becoming a norm, the infrastructure of many businesses hasn’t been designed to cope. Unsurprisingly, this working arrangement has brought on a new set of cybersecurity challenges.

The survey respondents reported that, amongst others, the most pertinent is the increase in digital transactions with suppliers and other third parties (54%); the need to procure a wider array of cybersecurity solutions to protect themselves from cyberthreats (54%); and unmonitored and unsecured IoT devices connected to the corporate network (51%).

The majority of ASEAN organizations (94%) also experienced a rise in the number of attacks in 2021, with close to a half (42%) of the Philippine organizations experiencing up to 25% increase in disruptive cyberattacks.

Financial institutions prime targets but feel best-prepared against attacks

Amongst all industries surveyed, financial services (45%) and fintech (42%) notably perceive themselves to be most at risk of cyberattacks. Of note, malware attacks were identified as  a top concern.

However, these two industries are also most confident of the cybersecurity measures put in place to protect themselves from attacks. This confidence might stem from a higher focus on cybersecurity reported by business leaders in financial services (79%) and fintech (76%) compared to the average of 74%. Cybersecurity budgets have also increased the most for organizations in financial services (81%) and fintech (75%), compared to the 68% average.

Evolving cybersecurity strategies for a post-COVID world

As COVID-19 increasingly drives work and leisure activities towards online platforms, ASEAN organizations predict that the one cybersecurity trend we need to pay attention to the most in 2022 will be for cyberattacks to affect our personal safety. This is against the backdrop of organizations accelerating their digital transformation by increasing investment in mobile applications (58%), expanding their remote workforce (57%), and expanding the footprint of smart devices (57%).

Digital technologies have also become more interwoven into the workplace. As a result, nine in ten (90%) ASEAN organizations are evolving their cybersecurity strategies to stay protected from attacks. Across all sectors, adopting cloud security (54%) is the top post-pandemic measure taken by organizations, followed by IoT/OT security (46%) and access management (45%). The Philippines is ahead of the rest of the ASEAN countries as 96% of the organizations in the country will adjust their cybersecurity strategy for a post-pandemic world in which access management is a top concern (57%) followed by adopting cloud security (53%).


Here are some best practices and recommendations for enterprises to stay ahead of cybersecurity threats:

  • Conduct a cybersecurity assessment to better understand, control, and mitigate risks. This will help organizations to prioritize countermeasures and identify where resources are needed to defend against sophisticated attacks.

  • Adopt a Zero Trust framework to address the cybersecurity threats of today and design architecture with an “assume-breach” mindset. Deploy technology to continuously validate the legitimacy of digital interactions and establish rapid response capabilities to quickly address the early signs of a breach.

  • Choose a partner, not a product. A good cybersecurity partner can provide the latest threat intelligence and offer practical advice on how to build a cyber-resilient architecture across all environments (e.g., on-premises, cloud, edge).