Tenable Study Finds 74% of Japanese Organisations Seek More Resources for Proactive Cyber Defence

Tenable®, Inc., the Exposure Management company, published a new study revealing that 74% of Japanese respondents believe their organisations could better defend against cyberattacks with more resources dedicated to preventive cybersecurity. However, a concerning 68% indicated that their cybersecurity teams spend the majority of their time addressing critical incidents, hindering them from taking a proactive stance.

The study further revealed that over the past two years, Japanese organisations successfully thwarted 63% of cyberattacks. However, this meant they were left vulnerable to the remaining 37%, causing them to resort to reactive measures rather than preventing the attacks from the outset.

The data is drawn from, “Old Habits Die Hard: How People, Process and Technology Challenges Are Hurting Cybersecurity Teams in Japan,” a commissioned study of 825 IT and cybersecurity professionals including 50 Japanese respondents conducted in 2023 by Forrester Consulting on behalf of Tenable.

The study, which emphasises the significance of adopting a proactive cybersecurity approach, found that a core reason for the prevalent reactivity in Japanese organisations’ cybersecurity practices is the lack of alignment in goals between IT and security teams. Seven in 10 (72%) organisations say their IT teams are more concerned with uptime than patching/remediation. The disparity results in a lack of coordination between the two teams, a challenge acknowledged by 42% of Japanese organisations.

Japanese organisations were also struggling to identify the right threats to remediate, with only 22% of respondents reporting they were “extremely confident” that their organisation’s cybersecurity practices were successfully reducing their risk exposure. An even lower 10% were “extremely confident” that the vulnerabilities they prioritised for remediation over the past year posed the greatest threats to the organisation.

“Siloed cybersecurity tools, and by extension, the teams behind them, are inadvertently preventing organisations from having a clear, continuous, and comprehensive view of their cyber risk,” said Naoya Kishima, Country Manager at Tenable Japan. “Internal mindsets further complicate matters, and make collaboration between IT and security teams challenging.”

The use of numerous third-party technologies without established processes poses a significant vulnerability for Japanese organizations. A striking 72% of respondents utilise third-party programs for SaaS apps and services, but fewer than half (46%) possess high to very high visibility into third-party environments.

Naoya noted, “While there are no quick fixes to these challenges when we look at key differences between low-maturity and high-maturity organisations across the overall sample, some themes begin to emerge that can serve as a guide for organisations looking to reduce their risk.”

• Low-maturity organisations are more likely to be stuck in reactive mode. In the past 12-24 months, high-maturity organisations preventively defended against 61% of the attacks they experienced and reactively mitigated against the rest. In low-maturity organisations, 56% of attacks were preventively defended while 44% were reactively mitigated. 
• High-maturity organisations see the value in data aggregation: 57% use aggregation tools to collect and analyse data to quantify risk exposure, compared with only 46% of low-maturity organisations. 
• High-maturity organisations spend far less time each month producing reports for business leaders than their low-maturity counterparts: 57% of high-maturity organisations say it takes 11 hours or more to produce such reports, compared with 72% of low-maturity organisations. 
  
   

-ENDS-

To read the full study, visit here. 

Note to Editors:

• Forrester Consulting conducted an online survey of 825 IT and cybersecurity professionals including 50 Japanese respondents at large enterprises in the US, the UK, Germany, France, Australia, Mexico, India, Brazil, Japan, and Saudi Arabia. The study was fielded in March 2023.
  
   
• Maturity Modelling: Respondents were scored based on their answers to questions measuring different aspects of their maturity: their use of preventive security tools, how they prioritise resources to reduce threat exposure, and the degree of visibility and collaboration within their organisation. Forrester scored those in the bottom 20% as low maturity, the middle 60% as medium maturity, and the top 20% as high maturity.

About Tenable
Tenable® is the Exposure Management company. 全球大約有 43,000 多家企業仰賴 Tenable 協助瞭解並降低網路風險。身為 Nessus® 的創造者，Tenable 拓展了自己在弱點方面的專業知識，以提供全球第一個可在任何運算平台上查看和維護任何數位資產安全的平台。在 Tenable 的客戶中，包含大約 60% 的財星 500 大企業、大約 40% 的全球 2000 大企業以及大型政府機構。如需深入瞭解，請前往 tenable.com。

###

Media Contact:
[email protected]