29 Aug 2017
Digitalisation offers game-changing productivity improvements, savings and consumer convenience - but businesses and governments must be properly prepared.
The growing speed and scope of digital transformation, along with the increasing number of targetable devices, are creating a ‘perfect storm’ for cyberattacks.
"Effects of an attack can be long lasting and expensive. Large organisations with more than 500 employees in APAC may stand to lose as much as US$30 million in the event of a cyber-breach.”
As many as three in five businesses in the Asia Pacific (APAC) region have put off digitalisation plans out of fear of cyberattacks, according to the Deloitte Cyber Smart: Enabling APAC businesses report, commissioned by VMware. Some 48 per cent of businesses in the region have experienced security attacks in the past 12 months and as many as 63 per cent have experienced business interruption due to a security breach.
Effects of an attack can be long lasting and expensive. According to our report, large organisations with more than 500 employees in APAC may stand to lose as much as US$30 million in the event of a cyber-breach. Threats can also flow beyond individual organisations affected to broader business networks using ‘island hopping’ tactics.
As the digital economy continues to grow in each country, so too does the exposure to cyberattacks according to Duncan Hewett, Senior Vice President and General Manager of Asia Pacific and Japan at VMware.
“Being appropriately prepared can mitigate the risks to organisations and minimise the potential costs of an attack,” according to Hewett. “Based on what we have seen in the region, businesses with an established cyber security strategy in place have confidence to invest in new technologies which can lead to higher levels of capital investment and productivity growth.”
The challenge for policy makers is to build a comprehensive legislative framework and environment that protects businesses from cybersecurity risks while allowing them to innovate and maximise the potential of digital technologies.
Deloitte sees interest from government, business owners and vertical experts in building a cyber smart Asia Pacific that we estimate can unlock as much as 0.7 per cent or $US145 billion additional gross domestic product (GDP) growth over the next 10 years.
Preparing for attack
The Deloitte Cyber Smart Index 2020 examines the level of cyber risk exposure faced by countries in the region and the degree of cyber preparedness.
Focusing on the inherent exposure to cyberattacks, the Index looks at the size of attack surface, the frequency of attack and value at risk. Within the preparedness measure, the Index looks beyond legal and policy environment to examine how businesses can be better prepared for the growing cyber risks.
Singapore tops the rank as both the most prepared and the most exposed country in APAC, with the highest rate of ICT penetration in APAC. With sound legal and organisational awareness, Singapore ranks consistently high across all measures of preparedness. Strong cyber legislation and high rates of research and development are also traits shared by South Korea, Australia, New Zealand and Japan that ranked high on country preparedness.
Malaysia is ahead of its peers with similarly low level of exposure but strong regulatory cooperation and a comprehensive privacy regime despite less impressive relative organisational capability.
Despite ranking low in exposure (11th), Vietnam experiences the highest frequency of cyberattacks. The lack of comprehensive legislation to deal with data security and privacy means the country is underprepared for cyberattacks. After Vietnam, Thailand experiences the second highest frequency of cyberattacks in the region. The growing use of online devices and interest in cryptocurrencies are expected to worsen Thailand’s exposure to risk.
What governments can do
Cybersecurity executives currently spend 7 per cent of their time on regulatory and compliance and twice the amount of time on cyber monitoring and operations. A safer and lower risk cyber environment can help to redirect their attention to more critical cyber domains. Governments across the region have a range of tools to help organisations better prepare for cyber threats and get their digitalisation projects back on track:
1. Leading by example
Governments are the fastest growing spenders on security in the region. With critical digital services increasingly central to governments around the region, spending alone is not sufficient. Lawmakers should consider broader governance structures that support any cyber strategy from transformation to compliance to talent recruitment.
2. Regulatory harmonisation
Cybercrimes can originate from any part of the world and are often difficult to investigate and prosecute. Regulatory harmonisation between sectors facilitates proactive cyber security strategies that contribute to stronger preparedness across the region and ultimately lead to greater enforcement of local laws—even in foreign jurisdictions.
Government procurement practices have an influence on the broader private sector. By implementing minimum cyber security criteria, there is an opportunity to identify potential flaws in the sourcing process and reduce overall costs of responding to a cyberattack.
Regional variation in reporting standards increases the regulatory burden on businesses operating in the region. Reporting regulation must ensure companies operate under the best standards of data protection without imposing burdensome restrictions on their day-to-day operations.
5. Developing skills
APAC represents the largest regional skills shortage in the world with 2.6 million fewer workers than required. In comparison the second largest shortage was found in Latin America which requires another 600,000 workers. This presents tremendous opportunity to implement specialised cyber security training, both for those entering higher education and those retraining or upskilling.
John O’Mahony is Partner and Lead Author of this research from Deloitte Access Economics Australia
More information can be found in the Deloitte Cyber Smart: Enabling APAC businesses report, commissioned by VMware.
The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.
29 Aug 2017
04 Dec 2018