Cybersecurity incidents could potentially cost APAC a staggering $1.745tn, amounting to more than 7% of the region's total GDP of $24.3tn, according to a Microsoft-commissioned Frost & Sullivan study.
The “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” study revealed that more than half of the organisations surveyed have either experienced a cybersecurity incident (25%) or are not sure if they had one as they have not performed proper forensics or data breach assessment (27%).
Some 1,300 business and IT decision makers ranging from mid-sized (250 to 499 employees) to large-sized organisations (over 500 employees) in Australia, China, Hong Kong, Indonesia, India, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan and Thailand were surveyed.
The study showed that a large-sized organisation in APAC could possibly incur an economic loss of $30m, more than 300 times higher than the average economic loss for a mid-sized organisation $96,000. Furthermore, cybersecurity attacks have resulted in job losses across different functions in almost seven in ten (67%) organisations that have experienced an incident over the last 12 months.
“As companies embrace the opportunities presented by cloud and mobile computing to connect with customers and optimise operations, they take on new risks,” said Microsoft Asia enterprise cybersecurity group director Eric Lam. “With traditional IT boundaries disappearing the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation—as has been made all too clear by recent high-profile breaches.”
Beyond financial losses
To calculate the cost of cybercrime, Frost & Sullivan created an economic loss model based on macro-economic data and insights shared by the survey respondents. This model factors in three kinds of losses which could be incurred due to a cybersecurity breach:
Direct: Financial losses associated with a cybersecurity incident – this includes loss of productivity, fines, remediation cost, etc;
Indirect: The opportunity cost to the organization such as customer churn due to reputation loss; and
Induced: The impact of cyber breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending.
“Although the direct losses from cybersecurity breaches are most visible, they are but just the tip of the iceberg,” said Edison Yu, vice president and Asia Pacific head of enterprise for Frost & Sullivan. “There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organizations suffering from cybersecurity attacks can be often underestimated.”
Beyond financial losses, cybersecurity incidents are also undermining Asia Pacific organizations’ ability to capture future opportunities in today’s digital economy, with one in six (59%) respondents stating that their enterprise has put off digital transformation efforts due to the fear of cyber-risks.
Gaps in APAC organisations’ cybersecurity strategies
Although high-profile cyberattacks such as ransomware have been garnering a lot of attention from enterprises, the study found that for organisations in the Asia Pacific that have encountered cybersecurity incidents, fraudulent wire transfer, data corruption, online brand impersonation and data exfiltration are the biggest concern as they have the highest impact with the slowest recovery time.
Besides external threats, the research also highlighted key gaps in organisations’ cybersecurity approach to protect their digital estate, such as not considering cybersecurity within the design of a digital transformation project.
AI the next cybersecurity frontier
The report noted that in a digital world where cyber threats are constantly evolving and attack surface is rapidly expanding, AI is becoming a potent opponent against cyberattacks as it can detect and act on threat vectors based on data insights. Three in four (75%) of APAC entities have either adopted or are looking to adopt an AI approach towards boosting cybersecurity.
AI’s ability to rapidly analyse and respond to unprecedented quantities of data is becoming indispensable in a world where cyberattacks’ frequency, scale and sophistication continue to increase. An AI-driven cybersecurity architecture will be more intelligent and be equipped with predictive abilities to allow organisations to fix or strengthen their security posture before problems emerge. It will also grant companies with the capabilities to accomplish tasks, such as identifying cyberattacks, removal of persistent threats and fixing bugs, faster than any human could, making it an increasingly vital element of any organizations’ cybersecurity strategy.
To help organisations better withstand and respond to cyberattacks and malware infections, the study recommended five best practices:
- Position cybersecurity as a digital transformation enabler
- Continue to invest in strengthening your security fundamentals
- Maximise skills and tools by leveraging integrated best-of-suite tools
- Assessment, review and continuous compliance
- Leverage AI and automation to increase capabilities and capacity
The study can be found here.