According to the Deloitte report - Cyber Smart: Enabling APAC - commissioned by enterprise software vendor VMware - 48% of businesses in the region have experienced security attacks in the past 12 months, and as many as 63% have experienced business interruption due to a security breach.
VMware says that effects of an attack can be long lasting and expensive and according to the report, large organisations with more than 500 employees in APAC may stand to lose as much as US$30 million in the event of a cyber breach - and threats can also flow beyond individual organisations affected to broader business networks using ‘island hopping’ tactics.
“As the digital economy continues to grow in each country, so too does the exposure to cyberattacks. Being appropriately prepared can mitigate the risks to organisations and minimise the potential costs of an attack,” says Duncan Hewett, senior vice president and general manager of Asia Pacific and Japan at VMware.
Based on what we have seen in the region, businesses with an established cyber security strategy in place have confidence to invest in new technologies which can lead to higher levels of capital investment and productivity growth,” Hewett says.
John O’Mahony, partner and lead author of the research from Deloitte Access Economics in Australia says “the challenge for policy makers is to build a comprehensive legislative framework and environment that protects businesses from cybersecurity risks whilst allowing them to innovate and maximise the potential of digital technologies”.
“We see interest from government, business owners, and vertical experts in building a cyber smart Asia Pacific that we estimate can unlock as much as 0.7% or US$145 billion additional GDP growth over the next ten years.”
The report reveals that Singapore tops the rank as both the most prepared and the most exposed country in APAC, with highest rate of ICT penetration in APAC - and with sound legal and organisational awareness, Singapore ranks consistently high across all measures of preparedness.
“Strong cyber legislation, and high rates of R&D are also traits shared by South Korea, Australia, New Zealand, and Japan that ranked high on country preparedness,” the report observes, adding that “Malaysia is ahead of its peers with similarly low level of exposure but strong regulatory cooperation and a comprehensive privacy regime despite less impressive relative organizational capability.”
And despite ranking low in exposure at 11th, the report notes that Vietnam experiences the highest frequency of cyberattacks, and the lack of comprehensive legislation to deal with data security and privacy means the country is underprepared for cyberattacks.
After Vietnam, Thailand experiences the second highest frequency of cyberattacks in the region, with the report observing that the growing use of online devices and interest in cryptocurrencies are expected to worsen Thailand’s exposure to risk.
In a comment on what Governments can do, the report says that cybersecurity executives currently spend 7% of their time on regulatory and compliance, and twice the amount of time on cyber monitoring and operations.
“A safer and lower risk cyber environment can help to redirect their attention to more critical cyber domains. Governments across the region have a range of tools to help organisations better prepare for cyber threats and get their digitalisation projects back on track by:
Leading by example
Governments are the fastest growing spenders on security in the region. With critical digital services increasingly central to governments around the region, spending alone is not sufficient. Lawmakers should consider broader governance structures that support any cyber strategy from transformation to compliance to talent recruitment.
Cybercrimes can originate from any part of the world and are often difficult to investigate and prosecute. Regulatory harmonization between sectors facilitates proactive cyber security strategies that contribute to stronger preparedness across the region, and ultimately lead to greater enforcement of local laws—even in foreign jurisdictions.
Government procurement practices have an influence on the broader private sector. By implementing minimum cyber security criteria, there is an opportunity to identify potential flaws in the sourcing process and reduce overall costs of responding to a cyberattack.
Regional variation in reporting standards increases the regulatory burden on businesses operating in the region. Reporting regulation must ensure companies operate under the best standards of data protection without imposing burdensome restrictions on their day-to-day operations.
APAC represents the largest regional skills shortage in the world with 2.6 million fewer workers than required. In comparison the second largest shortage found in Latin America which requires another 600,000 workers[. This presents tremendous opportunity to implement specialised cyber security training, both those entering higher education and those retraining or upskilling.