The VDC Research-Kaspersky study, "Securing OT with Purpose-built Solutions, revealed that only 26.7% of organisations in the Asia-Pacific (APAC) region perform regular cybersecurity assessments. This implies that 73.3% of respondents in the region are vulnerable to unplanned downtime, production losses, and potential reputational and financial damages from cyber breaches.
This lack of proactive measures is particularly alarming given the increasing complexity of the cyber threat landscape.
The study underscores the necessity of a robust cybersecurity strategy that begins with comprehensive visibility into an organisation’s assets. Leaders must identify which assets require protection and evaluate the highest risk areas. However, the findings indicate that many organisations are falling short in this regard.
A substantial portion of businesses in APAC are not engaging in regular penetration testing or vulnerability assessments. While 42.7% conduct assessments every few months, a concerning 20% do so only once or twice a year.
Alarmingly, 10.7% assess vulnerabilities only as needed. This inconsistent approach is approximately 6% lower than the global average, which may leave organisations open to significant threats.
Moreover, effective patch management is critical for safeguarding industrial environments. The study reveals that 21.3% of organisations apply patches monthly, while 52% do so every few months, and 16% update their systems only once or twice a year.
This infrequency in patching exacerbates the risk exposure, particularly in operational technology (OT) environments, where challenges such as limited device visibility and inconsistent vendor support complicate matters.
As IT and OT systems converge, harmonising these traditionally disparate systems becomes increasingly important. The proliferation of Internet of Things (IoT) devices further broadens the attack surface, highlighting the urgent need for more robust cybersecurity measures.
To address these challenges, Kaspersky advocates for the adoption of the Secure by Design ideology when deploying new OT devices or systems. This approach focuses on building resilience into products from the outset, reducing reliance on constant patching and external security layers.
According to Kaspersky, Cyber Immune products can enhance organisational resilience while minimising additional cybersecurity costs.

According to Adrian Hia, Kaspersky's managing director for APAC emphasises that in a hypercompetitive environment, organisations must bolster their cybersecurity systems not only to protect their operations but also to maintain their competitive edge.
"There is a need for companies to bolster the resiliency of their cybersecurity systems - not only to protect their operations, but also to strengthen their competitive edge in a digitally driven economy.” Adian Hia