Story image

By the numbers: Cybercrime’s trillion-dollar cost to Asia Pacific

12 Jun 2018

Economic losses from cyber attacks in Asia Pacific is costing the region US$1.745 trillion – 7% of its entire GDP, a recent report commissioned by Microsoft reveals.

The report shows that a large organisation in Asia Pacific could possibly experience economic losses of US$30 million.

Breaches are also rampant – 52% have either experienced a cybersecurity incident, while 27% are unsure because they have not performed forensics or data breach assessments.

Cybersecurity incidents are also holding Asia Pacific organisations back from taking advantage of digital opportunities, the report says.

Interestingly, cyber attacks have resulted in job losses in 67% of organisations that experienced a cybersecurity incident in the last 12 months.

Job losses and financial cost aren’t the only forms of loss that organisations could experience.

Direct: Financial losses associated with a cybersecurity incident – this includes loss of productivity, fines, remediation cost; Indirect: The opportunity cost to the organisation such as customer churn due to reputation loss; and Induced: The impact of cyber breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending.

Although the direct losses from cybersecurity breaches are most visible, they are but just the tip of the iceberg,” comments Frost & Sullivan vice president and Asia Pacific head of enterprise, Edison Yu.

“There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organisations suffering from cybersecurity attacks can be often underestimated.”

Despite experiencing breaches, cybersecurity is still an afterthought for many Asia Pacific organisations.

25% say they consider cybersecurity before the start of a digital transformation project, even if they have experienced an attack before. Even those who have never experienced an attack take security before a project more seriously (34%).

The rest of the organisations either think about cybersecurity only after they start on the project or do not consider it at all. This limits their ability to conceptualise and deliver a “secure-by-design” project, potentially leading to insecure products going out into the market, the report says.

More solutions does not equal stronger protection, either. Fewer than one in four (23%) of respondents with more than 50 cybersecurity solutions could recover from cyber attacks within an hour, however those with fewer than 10 solutions (40% of respondents) say they could recover within an hour.

“The ever-changing threat environment is challenging, but there are ways to be more effective using the right blend of modern technology, strategy, and expertise,” adds Microsoft Asia Enterprise Cybersecurity Group director Eric Lam.

“Microsoft is empowering businesses in Asia Pacific to take advantage of digital transformation by enabling them to embrace the technology that’s available to them, securely through its secure platform of products and services, combined with unique intelligence and broad industry partnerships.”

Microsoft and Frost & Sullivan recommend the following best practices:

  • Position cybersecurity as a digital transformation enabler
  • Continue to invest in strengthening your security fundamentals such as multi-factor authentication, and keeping anti-malware protection up to date
  • Maximise skills and tools by leveraging integrated best-of-suite tools
  • Assessment, review and continuous compliance
  • Leverage AI and automation to increase capabilities and capacity

The report, titled Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World, was conducted by Frost & Sullivan and involved a survey of 1300 decision makers from medium and large organisations.

It included respondents from New Zealand, Australia, China, Hong Kong, Indonesia, India, Japan, Korea, Malaysia, Philippines, Singapore, Taiwan, and Thailand.

ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.