By using this site, you agree to the IDC Privacy Policy

12 Feb 2017

IDC Research Shows 84% of Organizations Across APeJ are Operating with Less-than-ideal IT Security Strategies in Place

Critical areas for improvement around People and Technologies

SINGAPORE, February 13th, 2016 – IDC Asia/Pacific recently published the IDC IT Security MaturityScape report for Asia Pacific excluding Japan (APeJ) - a study on the current state of enterprise security based upon quantitative research of over 800 organizations across the region. The report highlights that a significant number of organizations within the region are operating at what IDC believes to be the lowest states of IT Security readiness and that fully 84% of the sample studies are within the first two stages of IDC’s five-stage maturity model.

"This level of capability with regards to IT security across the APeJ region is not hugely surprising, given the legislative environments that many organizations operate within. But as the threats are now surpassing the issues that legislation impacts, and businesses begin to experience direct financial loss as a result of malware or denial of service/ access, organizations need to take a closer look at what is at stake for them, beyond that which regulation encompasses," says Simon Piff, Vice President, Security Practice, IDC Asia Pacific.

The MaturityScape Benchmark is a global benchmark based upon the IDC MaturityScape: IT Security 2.0 (IDC #US40661915, December 2015) which identifies the stages, dimensions, outcomes, and actions required for companies to effectively foster the security maturity needed to compete in the new era of the 3rd Platform.

IDC's IT Security MaturityScape enables an organization to assess its architectural competency and maturity with respect to its leadership, organization, processes, deliverables, and technology. The IDC MaturityScape provides CIOs, CEOs, line-of-business (LOB) leaders, functional leaders, and other senior leaders with insights that will help their organization mature and thrive in the new business environment ignited by the 3rd Platform.

Key areas the study highlighted as needing improved focus were those around People and Security Technologies. The People issue is a major challenge across the industry globally, but in the region the issues are simply having any degree of dedicated resource for this issue. This lack of a focal points makes IT Security the partial responsibility of a number of people. Simply expecting the CIO to be able to defend the business sufficiently shows a lack of understanding of the problem and the threats. Similarly, the application of technology is still focused on protecting the perimeter, something the industry has acknowledged is almost impossible to achieve due to the change in architectures with the evolution of cloud and mobile computing.

"What is needed is a fresh look at what are the potential risks to an organization, a deeper understanding of the key digital assets that need protection and then a more targeted approach to protecting those assets, not assuming that the bad guys are always outside of the organization, and constantly monitoring this highly volatile environment', says Piff.

For inquiries on this IDC MaturityScape Benchmark document, please contact your IDC account manager or Shari Jane Jansen at For media inquiries, please contact Tessa Rago at or Alvin Afuang at

About IDC MaturityScape Benchmark

IDC MaturityScape Benchmark reports aid in the discussion of IT strategy and technology investments by helping IT executives and their enterprise partners gauge where their enterprise is in relation to that of their peers and competitors, best achievers, and the least invested. By utilizing IDC benchmark data, IDC MaturityScape Benchmarks enable organizations to compare maturity against peers, pinpoint which dimensions of an initiative peer organizations are more mature in, and identify the benefits organizations achieve as they move to more mature stages. This benchmark study focused on organizations with 500 or more employees in Asia/Pacific (excluding Japan).

About IDC

International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. With more than 1,100 analysts worldwide, IDC offers global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries. IDC's analysis and insight helps IT professionals, business executives, and the investment community to make fact-based technology decisions and to achieve their key business objectives. Founded in 1964, IDC is a subsidiary of IDG, the world's leading technology media, research, and events company. To learn more about IDC, please visit Follow IDC on Twitter at @IDC

For more information, contact:

Theresa Rago
+65 91593053

Alvin Afuang
+63917 7974586

Simon Piff
+ 65 6226 0330