According to the Deloitte Cyber Smart: Enabling APAC businesses report, commissioned by VMware, a leading innovator in enterprise software, Malaysia’s thriving digital economy and the recent surge in workforce mobility across the region are exposing businesses to an increasingly ‘perfect storm’ for cyber-attacks. Analysing cyber exposure, preparedness and economic opportunity across 12 economies in Asia Pacific (APAC), the report found that there is opportunity to grow GDP by US$145 billion for the entire region over the next 10 years if enterprises adopt an intrinsic security approach that ensures business continuity while driving greater adoption of new technologies.
According to other reports, cybersecurity expenditure in Southeast Asia was estimated at US$1.9 billion in 2017 and is projected to grow to US$5.5 billion by 2025. Yet, cyber-attacks remain a key threat to organisations in the region. Further, in the past 12 months, almost half of the businesses in APAC experienced security attacks. A study noted that 63 percent of organisations suffered from business disruption due to a security breach.
Companies are paying the price too, with the report indicating effects of cyberattacks are becoming more expensive – large organisations with more than 500 employees in APAC may stand to lose as much as US$30 million in the event of a cyber breach; for mid-sized organisations with 250 – 500 employees, the cost is at least US$96,000.
“As the digital economy continues to grow in each country, so too does the exposure to cyberattacks. Being appropriately prepared can mitigate the risks to organizations and minimize the potential costs of an attack. Based on what we have seen in the region, businesses with an established cyber security strategy in place have confidence to invest in new technologies which can lead to higher levels of capital investment and productivity growth,” said Duncan Hewett, Senior Vice President and General Manager of Asia Pacific and Japan at VMware.
“The challenge for policy makers is to build a comprehensive legislative framework and environment that protects businesses from cybersecurity risks whilst allowing them to innovate and maximize the potential of digital technologies. We see interest from government, business owners, and vertical experts in building a cyber smart Asia Pacific that we estimate can unlock as much as 0.7 percent or US$145 billion additional GDP growth for the region over the next ten years,” said John O’Mahony, Partner and lead author of the research from Deloitte Access Economics in Australia.
VMware-Deloitte Cyber Smart Index 2020
The VMware-Deloitte Cyber Smart Index 2020 examines the level of cyber risk exposure faced by countries in the region, and the degree of cyber preparedness. The Index looks at the size of attack surface, the frequency of attack and value that is at risk while focusing on the inherent exposure to cyberattacks. Within the preparedness measure, the Index looks beyond legal and policy environment to examine what businesses can do to be better prepared for the growing cyber risks. Key findings include:
Malaysia is ahead of its peers with similarly low level of exposure due to strong regulatory cooperation and a comprehensive privacy regime despite less impressive relative organisational capability.
Singapore tops the Index as the most prepared country in APAC, scoring consistently high across all measures of preparedness, with sound legal and organisational awareness despite being the most exposed country in APAC with the highest rate of ICT penetration.
Japan has the 3rd highest exposure to cyber risk and 2nd highest preparedness in APAC. However, anecdotal industry perspective is that organisational preparedness could be improved.
Australia ranked as the 3rd most prepared, and 4th most exposed to risk in the region. Australia particularly has strong cyber legislation, education and R&D.
South Korea performs relatively well in preparedness, with high rates of R&D and response time for cyber threats. The pervasive use of technology by business and government exposes the country to substantial cyber risks.
Thailand ranks 8th in preparedness and 9th in exposure, but the country has one of the highest cyber-attack rates in APAC, driven in part by the growing use of online devices and interest in cryptocurrencies which has increased Thailand’s exposure to risks.
Indonesia ranks lower than its ASEAN counterparts despite its large economy and increasing digitalisation, largely because of its small services sector. The country’s exposure is likely to grow in the coming years.
Vietnam despite a low ranking in exposure (11th), experiences the highest frequency of cyberattacks. The lack of comprehensive legislation to deal with data security and privacy means the country is underprepared for cyberattacks.
The role of governments
Cyber security executives currently spend 7 percent of their time on regulatory and compliance, and twice the amount of time on cyber monitoring and operations. A safer and low risk cyber environment can help to redirect their attention to more critical cyber domains. Governments across the region have a range of tools to help organisations better prepare for cyber threats and get their digitalisation projects back on track:
Leading by example
Governments are the fastest growing spenders on security in the region. With critical digital services increasingly central to governments around the region, spending alone is not sufficient. Lawmakers should consider broader governance structures that support any cyber strategy from transformation to compliance to talent recruitment.
Cybercrimes can originate from any part of the world and are often difficult to investigate and prosecute. Regulatory harmonization between sectors facilitates proactive cyber security strategies that contribute to stronger preparedness across the region, and ultimately lead to greater enforcement of local laws—even in foreign jurisdictions.
Government procurement practices have an influence on the broader private sector. By implementing minimum cyber security criteria, there is an opportunity to identify potential flaws in the sourcing process and reduce overall costs of responding to a cyberattack.
Regional variation increases the regulatory burden on businesses operating in the region. Reporting regulation must ensure companies operate under the best standards of data protection without imposing burdensome restrictions on their day-to-day operations.
APAC represents the largest regional skills shortage in the world with 2.6 million fewer workers than required. In comparison the second largest shortage found in Latin America which requires another 600,000 workers. This presents tremendous opportunity to implement specialized cyber security training, both those entering higher education and those retraining or upskilling.
Intrinsic security, a must-have for a progressive society
A secure digital economy is a joint responsibility between private and public sectors. For enterprises, when applications are now deployed across multiple clouds and accessed from many different devices across various locations, this means that the traditional approach of bolted on security is no longer enough.
“The unprecedented demand for a mobile workforce set against the backdrop of Malaysia’s fast-growing digital economy marks a key turning point for local organizations. In this new paradigm, organizations must make security intrinsic to the enterprise to enable business continuity and success,” said Devan Parinpanayagam, Country Manager, VMware Malaysia. “To this end, VMware is delivering intrinsic security that covers all the critical control points of the modern enterprise, making security more automated, proactive and pervasive. This helps safeguard organizations from threats and disruptions, giving them the confidence to drive their business forward into the digital future.”
Organisations will be able to shrink the attack surface, instead of chasing threats, gaining an advantage over potential attackers by making security intrinsic. This is also in line with VMware’s intrinsic security vision which harnesses VMware technology that resides in the infrastructure stack to deliver security across any app, on any cloud and through any device. With intrinsic security, VMware can reduce the risk to critical applications, sensitive data, and users by shrinking the attack surface across clouds, data centres, end users, and the enterprise edge, allowing organisations to put in place more effective cyber security strategies to support their growth in the region’s fast-expanding digital economy.