At least 75% of Asia Pacific organizations have experienced cyber attacks in the past year, costing them as much as US$763,000 annually, as companies grapple with gross understaffing and exponentially rising cyber threats in their respective firms, says a Symantec report.

The January 2010 survey of 850 enterprise CIOs, CISOs and IT managers from Asia Pacific forms part of a global survey of 2,100 small, mid-sized and large enterprises around the world.

“Protecting information today is more challenging than ever,” said Bernard Kwok, Symantec's senior vice president for Asia Pacific and Japan. “By putting in place a security blueprint that protects their infrastructure and information, enforces IT policies, and manages systems more efficiently, businesses can increase their competitive edge in today’s information-driven world.”

Security is of great concern to enterprises. The study found that 38 percent of organizations in Asia Pacific rate security their top issue. In Hong Kong, 50 percent of enterprises rank natural disasters as their top concern, more than cyber attacks (25 per cent) and terrorism (25 percent). On average, the median enterprise in Hong Kong assigns 53 staffers to security and IT compliance.

All enterprises surveyed (100 percent) in Hong Kong rated “reduce IT costs” as the top goal for 2010. They also cited “improve infrastructure capacity” (75 percent) and “better manage business risk of IT” (50 percent) as additional goals for this year. Nearly all enterprises surveyed in Asia Pacific (94 percent) forecast changes to security in 2010, with almost half (48 percent) expecting major changes.

Enterprises are experiencing frequent attacks. In the past 12 months, 75 percent of enterprises in Asia Pacific experienced cyber attacks, with 25 percent of Hong Kong enterprises rating the attacks somewhat/highly effective.

Every enterprise (100 percent) experienced cyber losses in 2009. The top three reported losses in Asia Pacific were theft of intellectual property, theft of customer credit card information or other financial information, and theft of customer personally identifiable information. The top three costs were productivity, revenue, and loss of customer trust.

Enterprises in Asia Pacific reported spending an average of US$763,000 annually to combat cyber attacks.

According to the Symantec report, enterprise security is becoming more difficult due to a number of factors. First, enterprise security is understaffed, with the most impacted areas in Hong Kong being incident response (75 percent), IT audit and compliance (50 percent) and network security (50 percent).

Second, enterprises are embarking on new initiatives that make providing security more difficult. In Asia Pacific initiatives that IT rated as most problematic from a security standpoint include infrastructure-as-a-service, platform-as-a service, server virtualization, endpoint virtualization, and software-as-a-service. Finally, IT compliance also emerged as a huge undertaking for enterprises in Hong Kong.

Although enterprises in Hong Kong were not exploring as many IT standards, the typical enterprise in Asia Pacific is exploring 19 separate IT standards or frameworks. The top standards include Common Criteria, FIPS, FISMA, HIPPA, COSO.