Developed APAC states most exposed to cyber risks

Developed countries in Asia-Pacific (APAC) with more established digital economies may be most vulnerable to cyber attacks, but they are also among the most prepared in the region to deal with cyber threats, a new study has found.

According to the VMware-Deloitte cyber smart index 2020, Singapore, South Korea, Japan, Australia and New Zealand ranked among the highest in terms of cyber risk exposure as well as preparedness in terms of regulatory and organisational readiness.

Singapore topped the index as the most prepared country in APAC, scoring consistently high across all measures of preparedness, followed by South Korea which has high rates of research and development and response time for cyber threats.

In Southeast Asia, Malaysia is ahead of its peers with a low level of exposure due to strong regulatory cooperation and a comprehensive privacy regime despite having less impressive organisational capability.

Thailand, with one of the highest cyber attack rates in APAC, ranked eighth in preparedness and ninth in exposure, driven in part by the growing use of online devices and interest in cryptocurrencies which has increased Thailand’s exposure to risks.

Indonesia ranked lower than its ASEAN counterparts despite its large economy and increasing digitisation, largely because of its small services sector. The country’s exposure is likely to grow in the coming years.

“As the digital economy continues to grow in each country, so too does the exposure to cyber attacks. Being appropriately prepared can mitigate the risks to organisations and minimise the potential costs of an attack,” said Duncan Hewett, senior vice-president and general manager of Asia-Pacific and Japan at VMware.

“Based on what we have seen in the region, businesses with an established cyber security strategy in place have confidence to invest in new technologies which can lead to higher levels of capital investment and productivity growth,” he added.

Against this backdrop, the challenge for policy-makers is to build a comprehensive legislative framework and environment that protects businesses from cyber security risks while allowing them to innovate and maximise the potential of digital technologies, said John O’Mahony, partner and lead author of the research from Deloitte Access Economics in Australia.

“We see interest from government, business owners and vertical experts in building a cyber smart Asia-Pacific that we estimate can unlock as much as 0.7% or $145bn additional GDP growth for the region over the next 10 years,” he said.

In its report, Deloitte called for governments in APAC to harmonise cyber security-related regulations where possible. This would minimise the regulatory burden for businesses operating across borders and make it easier to tackle cross-border cyber crime.

That is already happening to some extent in the Association of Southeast Asian Nations (ASEAN), which has developed a voluntary mechanism to facilitate cross-border data flows, based on the region’s framework on personal data protection and a set of guiding values.

During the ASEAN Ministerial Conference on Cyber Security in October 2019, the region’s ministers and senior officials responsible for cyber security and ICT also agreed to move forward on a formal cyber security coordination mechanism.

They also reaffirmed the region’s commitment to a rules-based international order in cyber space and noted ASEAN member states’ efforts at implementing the 11 voluntary, non-binding norms recommended in a 2015 United Nations report.