A recent joint study by VDC Research and Kaspersky has revealed a significant vulnerability in the cybersecurity posture of industrial organisations across the Asia-Pacific (APAC) region. According to the report, only 26.7% of APAC-based firms conduct monthly cybersecurity assessments, leaving a wide security gap across critical sectors such as energy, utilities, manufacturing, and transportation.
Low frequency of cybersecurity checks
The survey, titled Securing OT with Purpose-built Solutions, highlights a troubling trend. While 42.7% of APAC organisations conduct vulnerability assessments every few months, 20% do so just once or twice a year. Even more concerning, 10.7% only conduct assessments when an incident forces a response. This inconsistency significantly raises the risk of unplanned downtime, reputational harm, and financial losses due to cyberattacks.
When compared to global averages, the APAC region lags behind by nearly 6% in performing regular security checks. Experts attribute this to a combination of operational pressures, complex patching requirements, and challenges unique to OT (Operational Technology) environments, where legacy systems and vendor inconsistencies further delay updates.
Also read: When OT Fails: Five Cyberattacks That Made History
Patch delays and rising OT threats
The research points to a broader issue in patch management. Only 21.3% of respondents said their organisations patch OT systems monthly. A majority—52%—apply patches every few months, and 16% patch only once or twice a year. This lag leaves critical infrastructure systems open to exploitation, especially as OT and IT converge and more IoT devices get connected.
The rise in smart sensors, advanced climate control, and real-time asset monitoring has expanded the attack surface across industries. Without centralised visibility and effective risk management, organisations may be blind to threats already lurking in their infrastructure.
Kaspersky’s security framework for OT resilience
To address these vulnerabilities, Kaspersky promotes its Industrial Cybersecurity (KICS) platform, which combines a centralised asset inventory, audit tools, and risk management features. This native XDR (Extended Detection and Response) platform supports scalability across distributed infrastructure while remaining compliant with OT-grade requirements.
Dmitry Lukian, Head of KasperskyOS Business Unit, advocates for a “Secure by Design” approach. This philosophy underpins Kaspersky’s Cyber Immune products, which are architecturally resilient and require less frequent patching or external security layers. According to Lukian, this approach leads to lower total cost of ownership without compromising security.
Adrian Hia, Managing Director for APAC at Kaspersky, reinforced this view, stating, “Consistency and continuity are essential for performance in a hypercompetitive market. Cyber resilience isn’t just a defensive strategy; it’s a competitive edge.”
