IDC shock over state of IT security in APeJ financial services

IDC's MaturityScape Benchmark: IT Security in Financial Services in Asia/Pacific (Excluding Japan) 2017 has highlighted that the ability of financial institutions to manage their own IT security may not be as advanced as we might hope.

The IDC MaturityScape Benchmark: IT Security in Financial Services in Asia/Pacific (Excluding Japan) 2017 report studied the maturity of 106 financial services organisations across Asia Pacific excluding Japan (APeJ), and found that, on a scale of 1 to 5 for IT security maturity, more than two thirds of all respondents (71.6%) were at either the earliest stages - stage 1, for ad hoc work (29.2%) or Stage 2, opportunistic (42.4%). The remaining stages range from 'repeatable' in stage 3 to 'optimised' at stage 5.

“This is not what we had expected to see,” says Simon Piff, VP, Security Practice for IDC Asia Pacific. “The key issues at hand that resulted in this shocking statistic is very much about the way IT security is considered within organisations. Thinking that IT security is a problem for IT to solve is both short-sighted and does not embrace the full issue.

“Organisations must think in terms of ‘business risk’ first then decide how IT can help mitigate some of these risks, and not simply assign an ‘IT’ label to it.”

IDC points out that the methods by which threat actors will use to breach a network are "many and varied". The research firm notes that the traditional IT approaches of focusing on perimeter prevention, without investing sufficiently into network detection and remediation, is at that heart of the issue. “The bad guys are already on the inside, and we are all looking outside to see what we can stop thereby missing the advanced threat actors who can create the worst scenario for any business,” warned Piff.

IDC is holding an IT Security Conference series that aims to articulate how the threat landscape is changing, explain why business leaders need to be more concerned about the potential impact of breaches, even in markets with minimal legislation, and provide insight into what some of the world class organisations are doing to achieve the highest levels of IT security. In Asia Pacific, the events will be held in Kuala Lumpur, Malaysia; Bangkok, Thailand, and Manila, Philippines. Get more details

*The results in this study are based on IDC's 2016 IT Security MaturityScape Benchmark Survey of 852 organisations across the Asia Pacific region, excluding Japan (APeJ), conducted from June to July 2016. The telephone survey used a structured questionnaire which focused on the five dimensions of IDC's IT Security MaturityScape framework. For each dimension, IDC created a set of questions to assess the level of capability and/or maturity for the dimension. Of the respondents, 106 identified themselves from the financial services industry. The IDC IT Security MaturityScape is based on global best practices for IT security maturity, and is available at IDC.com