APAC CIOs face cyber threats despite rising security spend

The Logicalis 2025 CIO Report has revealed that chief information officers across the Asia Pacific region are facing significant challenges in managing cybersecurity despite increased investment.

The report, based on a survey of 1,000 global IT leaders including more than 300 from Asia Pacific (APAC), found that 53 per cent of APAC CIOs consider their organisation's security patch systems too complex to manage effectively.

Over the last 12 months, a substantial 91 per cent of APAC organisations reported experiencing a cybersecurity incident. Of those, more than half (53 per cent) encountered multiple breaches, a figure that outpaces the global average of 43 per cent. The high incidence of breaches has resulted in nearly all CIOs anticipating the likelihood of significant cybersecurity incidents in the coming year.

The report noted that despite increased security spending, nearly all CIOs see the need for ongoing enhancements to their security coverage. In APAC, 45 per cent of CIOs believe their organisations have overinvested in security solutions that are not necessary. An equal proportion acknowledged they do not derive good value from their security investments, citing underutilisation of features within their current tools.

Additionally, half of those surveyed stated that the security solutions available to them do not fully align with their organisational needs. Only 63 per cent expressed complete confidence in their ability to identify potential security gaps. The findings suggest a disconnect between awareness of cybersecurity risks and the capabilities required to address them effectively.

The evolving threat landscape, fuelled by new technologies, is creating additional vulnerabilities for organisations. The report highlighted that AI-driven attacks now occur as frequently as phishing attempts, placing artificial intelligence-based threats among the top three cybersecurity concerns for APAC CIOs. Furthermore, 73 per cent of regional IT leaders indicated heightened awareness of the rising risk related to credential leaks.

Commenting on the report findings, Lee Chong-Win, CEO, Logicalis Asia Pacific, stated, "With cybersecurity now a board-level issue, CIOs need advanced visibility into their infrastructure security, and the ability to present key security metrics clearly and concisely." He added that demand for cybersecurity services continues to grow amidst a skills gap in the workforce.

The report also detailed other security-related statistics for the region. Malware and ransomware remained the most common breach types, accounting for 41 per cent of incidents. Four out of five CIOs (81 per cent) suggested that the volume of cybersecurity breaches has remained steady or increased over the past year. In terms of security strategy, 62 per cent admitted to underutilising at least some of their security tools, and 53 per cent reported that their patch systems are difficult to manage.

On the topic of business requirements, 45 per cent of CIOs stated their security solutions do not fully address their organisation's needs. In the area of overall confidence, only 63 per cent felt assured in their ability to pinpoint vulnerabilities. Among those surveyed, 97 per cent agreed that their security coverage required some level of improvement, with over half saying significant changes are necessary.

To address some of these challenges, Logicalis recently introduced Cisco XDR as a Managed Service from its APAC Security Operations Centre in Malaysia, becoming the first Cisco partner in the region to do so.

The CIO Report is based on data collected at the end of 2024 by independent market research specialist Vanson Bourne. Respondents represented organisations with more than 250 employees and involvement in digital transformation and cloud computing activities.

This year's survey marks the eleventh consecutive edition of the Logicalis CIO Report, which spans respondents from Europe, Asia Pacific, North America, and South America.