The State of Data Readiness – a study conducted by Tech Research Asia and commissioned by Commvault, has revealed critical trends that threaten the success or failure of business continuity strategies for executive leaders and boards across Asia.
A Gap in Readiness and Resilience
The study highlights a significant gap between readiness and resilience in Asia. While 9 in 10 organisations believe they have the right plans in place to recover from a cyberattack, only a third of them can actually respond effectively. This lack of resilience can have severe consequences for businesses, as seen in the example of a major retailer in Southeast Asia, which suffered a data breach resulting in significant financial losses and reputational damage.
- Key factors contributing to this gap include a lack of incident response plans, inadequate testing, and insufficient visibility into cloud environments.
- Furthermore, the increasing complexity of cloud infrastructures and the rise of emerging AI regulations are forcing organisations to rethink their resilience strategies.
Under Pressure, Confidence Crumbles
The survey also found that while 9 in 10 organisations believe they can withstand a cyber breach, their confidence crumbles under pressure. When tested, only a third of organisations could respond effectively. This lack of confidence is reflected in the example of a Singaporean company, which reported that its incident response plan was not enough to help it recover from a cyberattack, and instead, it had to scramble to find a solution.
| Organisation | Confidence in cyber breach readiness | Confidence in response time | Actual response time |
|---|---|---|---|
| Singaporean Company | High | 1 day | 4 weeks |
| Malaysian Company | High | 2 days | 6 weeks |
Resilience Requires Continuous Testing
Gareth Russell, Field CTO for APAC at Commvault, highlights the importance of continuous testing in incident response plans. “Once a breach occurs, even the most meticulously crafted plans can fall apart,” he said. “Organisations must elevate their cybersecurity maturity by regularly testing incident response plans, auditing AI tools for risk, and building strong data management foundations.”
Key Findings on Recovery Reality
- 72% of business leaders in Asia believe they can recover within five days of a cybersecurity event.
- Nearly a quarter (23%) expect full recovery in just one day.
- However, the reality is starkly different: IT leaders report it takes at least 3-4 weeks to restore even a minimum level of business operation.
The Compliance Burden Grows
The study also found that 52% of organisations are now subjected to at least four different regulatory and compliance acts, and another 10% currently ‘don’t know’ what their companies need to be fully regulatory compliant.
- Organisations are facing multiple requirements for cross-border data transfers, with 53% stating they already experience conflicting regulatory requirements for their data across different geographies.
- Resilience today requires more than technology—it demands compliance readiness, too.
Breaking Down Barriers to Resilience
To break down barriers to resilience, organisations must elevate their cybersecurity maturity, test incident response plans regularly, and build strong data management foundations. As Michel Borst, Area Vice President for Asia at Commvault, said, “Confidence without capability can lead to business failure when the worst happens. What organisations need is minimum viable readiness—a baseline level of cyber resilience so they can respond, recover, and resume operations following an attack.”
“Resilience is not a one-time effort; it must be embedded into the fabric of everyday operations.” Gareth Russell, Field CTO for APAC
Conclusion
In conclusion, the study highlights the critical need for organisations to bridge the gap between readiness and resilience in the face of increasing cyber threats. By elevating their cybersecurity maturity, testing incident response plans regularly, and building strong data management foundations, organisations can ensure a higher level of resilience and reduce the risk of business failure.
