Data protection company Commvault has released its ASEAN State of Data Readiness Report 2024. The report reveals a low cyber resiliency maturity among many ASEAN-based organisations and highlights challenges in data recovery and cyber resilience amid growing threats and data sprawl.
The report, conducted by Tech Research Asia (TRA) and commissioned by Commvault, surveyed CIOs/CISOs, IT leaders, and decision-makers from organisations across Southeast Asian countries, namely Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam.
Key findings include:
- The gap between recovery expectation and reality is vast – 79% of leaders expect business resumption in five days, whereas IT teams report an average recovery of four to five weeks after a breach.
- Singapore, Thailand, and Vietnam suffered the most attacks on production data, secondary data, and backups; attacks on production data are highest in Singapore, Malaysia, and Vietnam.
- Only 35% of surveyed companies report successful recovery of 100% of their data.
- 91% of surveyed companies struggle to manage dark data and find they have ineffective data recovery and cyber resiliency capabilities.
71% of organisations surveyed had experienced at least one cyberattack in the past year. Singapore, Thailand, and Vietnam experienced the majority of attacks on data environments, including production, secondary, and backups, while attacks on production data only is highest in Singapore, Malaysia, and Vietnam.
Of those who experienced a cyberattack, only 35% successfully recovered 100% of their data. When asked about the challenges, maintaining immutable data across multi-infrastructure environments was identified as the top hurdle for organisations when trying to secure their data estates.
The research found misaligned expectations of business leaders and IT teams regarding cyber recovery. For business leaders, speed of business resumption is paramount – with 24% stating an outage of one day or less is tolerable. By the end of day five, 79% of business leaders expect the organisation to have data access restored and be back in business. However, the IT teams reported that the average time it took to recover from a breach was four to five weeks.
“Businesses in ASEAN are overwhelmed with huge volumes of data, escalating threats, and the complexity of their own IT systems,” said Commvault’s Michel Borst. “Additionally, they are dealing with diminished budgets and scarce IT and security teams. From our research, it is clear there are serious gaps in ASEAN organisations’ cyber resiliency maturity, their ability to recover all data, and the speed by which they can resume operations as the business requires.”
The research also highlights that 91% of companies struggle with managing dark data.
While cyber resiliency has a critical influence on maintaining business operations, the research revealed that only 7% of of the region’s companies believe they have a ‘proactive, mature cyber resiliency capability’.
Regarding testing their incident response plans, 85% of companies stated they have a response plan in place if attacked. However, only 26% said they have a “clearly understood response and communication plan in place” while 22% stated their incident response capability is weak, “very unorganised,” and “(they) scramble to respond.”
“Testing incident response and cyber readiness has historically been very challenging, but it is critical,” said Commvault’s Asia Head of Solutions Engineering Daniel Tan. The trouble is that traditional modes of testing can be cost-prohibitive and bring significant disruption to operations. This, compounded with having to engage multiple vendors, creates a lack of visibility into and gaps in recovery capabilities, ultimately costing organisations more in terms of money and time to recover.”
“(Modern solutions) are designed to not only provide companies with a way to orchestrate, on demand, recovery into a clean, isolated location in the cloud, but organisations can also use them to frequently and cost-effectively test their cyber recovery strategies in advance – critical in an age of rapidly evolving cyber threats,” added Tan.
The research revealed that 92% of companies are using some form of data cleanrooms across the region, of which 28% ranked better data recovery post-breach as the top benefit.
