WavebreakMediaMicro - Fotolia
The potential losses from cyber security incidents in Asia-Pacific (APAC) could hit a staggering $1.75tn, accounting for 7% of the region’s GDP in 2017, a study has found.
According to the Frost and Sullivan study commissioned by Microsoft, a large-sized organisation in APAC can incur an average economic loss of $30m, more than 300 times higher than that for a mid-sized organisation.
Furthermore, cyber security attacks have resulted in job losses across different functions in almost seven in 10 (67%) organisations that have experienced an incident over the past year.
More than half of the 1,300 organisations that participated in the study had either experienced a cyber security incident (25%) or are not sure if they had one as they did not conduct proper forensics or data breach assessment (27%).
To calculate the cost of cyber crime, Frost and Sullivan developed an economic loss model based on data and insights shared by respondents.
This includes direct losses from fines and remediation costs; indirect losses such as customer churn as a result of reputational damage; and induced losses, such as the decrease in consumer and enterprise spending.
According to Frost and Sullivan, a large organisation in APAC could face, on average, $3.4m in direct losses, $9.7m in indirect losses and $17.2m in induced losses.
Edison Yu, Frost and Sullivan’s vice-president and APAC head of enterprise, said although direct losses from cyber security breaches are most visible, they are just the tip of the iceberg.
“There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organisations suffering from cyber security attacks can be often underestimated,” he said.
Cyber security gaps
The economic losses could have been stemmed if organisations had paid greater attention to the gaps uncovered by the study, which revealed that cyber security remained an afterthought among APAC organisations.
Just one in four organisations that were hit by cyber attacks had considered cyber security before the start of a digital transformation project as compared with one in three (34%) organisations that had not encountered any attack.
The fact that organisations had to manage a large portfolio of cyber security products and services did not help either.
The study found that 23% of organisations with more than 50 cyber security solutions could recover from cyber attacks within an hour, while almost twice as many (40%) with fewer than 10 cyber security solutions could do so within an hour.
In an earlier interview with Computer Weekly, Eric Lam, Microsoft Asia’s director of enterprise cyber security group, noted the complexity of having a growing portfolio of cyber security solutions.
“It gets more complex for IT operations and security teams to manage as organisations get larger. But with built-in security, they won’t have the burden of managing multiple complicated technologies. If they use Office 365, for example, we will identify malicious links and detonate them with a sand bomb,” Lam said.
“This will ensure employees won’t click on them out of curiosity. If their identities have been compromised, we can detect if someone is trying to log in using their accounts through threat analytics. We take that kind of complexity away from the IT operations folks, enabling organisations to become more secure,” he added.
Read more about cyber security in APAC
- Asia’s largest and most connected economies are fast becoming hotspots for botnets that were used to launch distributed denial-of-service attacks across the region in 2017.
- The Australian Broadcasting Corporation is the latest organisation to fall prey to misconfigured Amazon S3 storage buckets, exposing database backups and sensitive data such as login credentials.
- The personal data of more than 46 million mobile phone users in Malaysia was reportedly leaked online in possibly the biggest data breachin the Southeast Asian country.
- Coordination is vitalto ensure that Southeast Asia’s cyber security efforts are focused, effective and in synergy with one another, said ministers and senior officials at a recent cyber security event in Singapore.