Experts say robust security culture 'critical business imperative'
The security culture in Asia is lagging when compared to its global counterparts, according to a new report, which warned organisations in the continent about an "increasingly vulnerable" digital landscape to cyberattacks.
Security culture refers to the ideas, customs, and social behaviours that influence an organisation's security and reduces human risk, according to KnowBe4's latest research.
"Security culture is best understood as the collective mindset, practices, and norms that shape how an organisation approaches and prioritises security."
Its latest report revealed that the overall security culture score globally is at 72, a low-moderate level, based on Attitudes, Behaviours, Cognition, Communication, Compliance, Norms, and Responsibilities.
Asia's security culture score
Asia, however, fell below the global average with an average security culture score of 71, based on 157 organisations. It trailed behind Europe and North America, which both got a 73 score.
By nation, Singapore matched the global score of 72. Other nations registered the following scores:
- Malaysia (71)
- Philippines (71)
- Thailand (68)
- Indonesia (65)
Source: KnowBe4's 2024 Security Culture Report
According to the report, socioeconomic disparities among nations likely influenced their security culture scores, as some exhibited security practices comparable to European nations.
The linguistic and cultural diversity across the continent also makes it more complicated to establish a unified security culture, according to the report.
Cyberattacks in Asia
The findings come as Asia emerges as a prime target for cyberattacks, the KnowBe4 report said, citing World Economic Forum research in 2023.
"Asia's rapid digital growth, coupled with a strong manufacturing sector and a surge of new tech users, have created a digital landscape increasingly vulnerable to cyberattacks," said KnowBe4's Dr. Martin Kraemer - Security Awareness Advocate, in a statement.
To address this, the report called for more investment in national cybersecurity policies and the establishment of dedicated cyber task forces.
"Building and maintaining a robust security culture is no longer a luxury, but a critical business imperative," Kraemer said.
"As cyberattacks continue to evolve, it's essential for all industries, particularly those heavily targeted by cybercriminals, to prioritise this investment. By focusing on initiatives that address human-based risks, organisations can significantly strengthen their overall cybersecurity posture."
