As more organizations continue to grapple with the cybersecurity workforce shortage, and move to implement solutions like Managed Detection and Response, it appears as though experiencing an incident could be the top driver to shape a CISO’s decision.

In our recent international survey, one of the top drivers reported to shape a company’s information security decision was “experiencing incidents” in the three countries (the US, Singapore and Japan) where our research was carried out. More than 40% of respondents from each country answered their companies decided to take measures to strengthen cybersecurity after experiencing an incident.  Our research survey also shows that more than 80% of respondents in each country (the US, Singapore, and Japan) answered that their companies had experienced security incidents at least once in the past year.

The top driver in Singapore reported was changes in laws or regulations. Notable here that the Personal Data Protection Commission recently fined and warned 11 organizations for flouting the Personal Data Protection Act (PDPA) which appears to have encouraged companies in Singapore to be in compliance with laws or regulations.

Given that many other government authorities are scheduled to implement new laws or regulation (e.g. Cybersecurity regulation from NY DFS, Amended Act on the Protection of Personal Information in Japan, and General Data Protection Regulation in EU), the number of companies taking steps to strengthen cybersecurity measures in compliance with laws and regulations will likely increase

To learn about other cybersecurity strategy insights, download a free copy of our new report “NRI Secure Insight 2017 Report”

NRI Secure Insight International Information Security Survey is a survey conducted by NRI SecureTechnologies, Ltd. This survey assesses current awareness among companies of cybersecurity threats, and the measures taken at companies to combat these threats.