By using this site, you agree to the IDC Privacy Policy

16 May 2017

IDC Research Shows 72% of Financial Services Organizations Across Asia Pacific (Excluding Japan) are Still at Early Stages of IT Security

SINGAPORE, May 17th, 2017 – Trust is a critical aspect of all business. Be it B2B or B2C, and nowhere is the concept of trust more deeply embedded than in the Financial services industry. We trust banks with our money, insurance companies with our health and future and investment companies with our savings, and yet the recent IDC MaturityScape Benchmark: IT Security in Financial Services in Asia/Pacific (Excluding Japan) 2017 highlighted that the ability of these organizations to manage their own IT security may not be as advanced as we might expect.

The IDC MaturityScape Benchmark: IT Security in Financial Services in Asia/Pacific (Excluding Japan) 2017 studied the maturity of 106 financial services organization across Asia Pacific excluding Japan and found that, on a scale of 1-5 for IT security maturity, more than two thirds of all respondents (71.6%) were at either stage 1 (29.2%) or Stage 2 (42.4%).

“This is not what we had expected to see,” says Simon Piff, Vice President of Security Practice for IDC Asia Pacific. Piff adds, “The key issues at hand that resulted in this shocking statistic is very much about the way IT security is considered within organisations. Thinking that IT security is a problem for IT to solve is both short-sighted and does not embrace the full issue.”

“Organisations must think in terms of ‘business risk’ first then decide how IT can help mitigate some of these risks, and not simply assign an ‘IT’ label to it,” says Piff.

In the hyper-connected world of today, the methods by which threat actors will try to breach a network are many and varied, and traditional IT approaches of focusing on perimeter prevention, without investing sufficiently into network detection and remediation, is at that heart of the issue. “The bad guys are already on the inside, and we are all looking outside to see what we can stop thereby missing the advanced threat actors who can create the worst scenario for any business,” ends Piff.

The results in this study are based on IDC's 2016 IT Security MaturityScape Benchmark Survey of 852 organizations across Asia/Pacific (excluding Japan) (APEJ), conducted from June to July 2016. The telephone survey used a structured questionnaire which focused on the five dimensions of IDC's IT Security MaturityScape framework. For each dimension, we created a set of questions to assess the level of capability and/or maturity for the dimension. Of the respondents, 106 identified themselves from the financial services industry. The IDC IT Security MaturityScape is based on global best practices for IT security maturity, and is available at

To provide an update on IT Security technology and trends, IDC is holding an IT Security Conference series. This event series aims to articulate how the threat landscape is changing, explain why business leaders need to be more concerned about the potential impact of breaches, even in markets with minimal legislation, and provide insight into what some of the world class organizations are doing to achieve the highest levels of IT Security. The IDC IT Security Conference series will be held in three cities: Kuala Lumpur, Bangkok and Manila. Details about the events can be found at the website

For more information on this IDC MaturityScape Benchmark: IT Security in Financial Services in Asia/Pacific (Excluding Japan), 2017, please contact Simon Piff or your IDC account manager. For media inquiries, please contact Tessa Rago at or Alvin Afuang at

About IDC MaturityScape Benchmark

IDC MaturityScape Benchmark reports aid in the discussion of IT strategy and technology investments by helping IT executives and their enterprise partners gauge where their enterprise is in relation to that of their peers and competitors, best achievers, and the least invested. By utilizing IDC benchmark data, IDC MaturityScape Benchmarks enable organizations to compare maturity against peers, pinpoint which dimensions of an initiative peer organizations are more mature in, and identify the benefits organizations achieve as they move to more mature stages. This benchmark study focused on organizations with 500 or more employees in Asia/Pacific (excluding Japan).

About IDC

International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. With more than 1,100 analysts worldwide, IDC offers global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries. IDC's analysis and insight helps IT professionals, business executives, and the investment community to make fact-based technology decisions and to achieve their key business objectives. Founded in 1964, IDC is a subsidiary of IDG, the world's leading technology media, research, and events company. To learn more about IDC, please visit Follow IDC on Twitter at @IDC

For more information, contact:

Theresa Rago
+65 91593053

Alvin Afuang
+63917 7974586

Simon Piff
+ 65 6226 0330