Symantec senior director cyber security services Asia Pacific and Japan, Peter Sparkes
Symantec's regional security boss has said that in order to protect a business from cyber threats, you must first understand it.
"I would say that in the end, we are protecting businesses so we have to understand their business," said Symantec senior director cyber security services Asia Pacific and Japan, Peter Sparks.
"We need to understand what's important to their business and therefore, how to protect that business."
Sparks said that in the modern threat landscape, to defend everything is to defend nothing.
"Protecting everything is long gone. It is protecting the core assets and capabilities in a business. Having that communication is critical," he said
When asked if companies were still reactive to cyber threats or becoming proactive, Sparks said it was a mix.
"Certainly there are some companies that get breached and all hell breaks loose. Then there are a lot of companies where the board is starting to discuss it with the C-suite," he said.
Sparks said that board members that also sit on other boards where security discussions are common are bringing it to into the discussion at meetings.
"We are seeing at the board level, a lot more understanding of the long term risk to the company of these types of risks."
Symantec senior vice-president Asia Pacific and Japan, Sanjay Rohatgi, said many companies were paying more attention to how security breaches could affect public image.
"The reality is that no company wants to be on the front page of the newspaper for the wrong reasons. The discussion is moving from the CIO and CISO to the board level because enterprise risk and technology risk is fundamental to protecting the brand and making sure they are well covered."
Sparks agreed and said that for banks, more than any other organisation it is about public perception.
"If you look at the banks, one of the reasons they built those huge sandstone buildings in Martin Place and other locations was to show that they were secure and trustworthy," he said.
"Now in the online world, they are still having to prove that to customers that they are trustworthy and secure, it's the same as the buildings. They have to have those controls in place to show that."
Sparks said that one of the things that the firm was finding with organisations is that they were increasingly taking the view that it is not a matter of if but when they will be breached.
"Often it is not only their organisation that might be breached but a third party supplier that they are working with where the breach actually happens. The tide is changing from a it will never happen to me mentality to a it's not a matter of if but when," he said.
Sign up for MIS Asia eNewsletters.