Cyber-worries delaying move to digital, says Deloitte
As many as 60% of businesses in the Asia Pacific region have put off digitalisation plans out of fear of cyberattacks, according to the Deloitte Cyber Smart: Enabling APAC businesses report, commissioned by VMware.
The report analyses cyber-exposure, preparedness and economic opportunity across 12 economies in the region.
Digitalisation offers game-changing productivity improvements, savings and consumer convenience but businesses and governments must be properly prepared.
The growing speed and scope of digital transformation, along with the increasing number of targetable devices, are creating a ‘perfect storm’ for cyberattacks.
48% of businesses in the region have experienced security attacks in the past 12 months and as many as 63% have experienced business interruption due to a security breach, according to Telstra's June 2019 security report.
“As the digital economy continues to grow in each country, so too does the exposure to cyberattacks. Being appropriately prepared can mitigate the risks to organisations and minimise the potential costs of an attack,” says VMware senior vice president and Asia Pacific and Japan general manager Duncan Hewett.
“Based on what we have seen in the region, businesses with an established cybersecurity strategy in place have the confidence to invest in new technologies which can lead to higher levels of capital investment and productivity growth.
According to the Deloitte report, large organisations with more than 500 employees in APAC may stand to lose as much as US$30 million in the event of a cyber-breach.
Threats can also flow beyond individual organisations affected to broader business networks using ‘island hopping’ tactics.
“The challenge for policymakers is to build a comprehensive legislative framework and environment that protects businesses from cybersecurity risks whilst allowing them to innovate and maximise the potential of digital technologies,” adds Deloitte Access Economics Australia partner and lead author of the research John O’Mahony.
We see interest from government, business owners, and vertical experts in building a cyber-smart Asia Pacific that we estimate can unlock as much as 0.7% or US$145 billion additional GDP growth over the next ten years.”Deloitte Cyber Smart Index 2020
The Deloitte Cyber Smart Index 2020 examines the level of cyber-risk exposure faced by countries in the region, and the degree of cyber-preparedness.
Focusing on the inherent exposure to cyberattacks, the Index looks at the size of the attack surface, the frequency of attack and value that is at risk.
Within the preparedness measure, the Index looks beyond the legal and policy environment to examine how businesses can be better prepared for the growing cyber-risks.
Singapore tops the rank as both the most prepared and the most exposed country in APAC, with the highest rate of ICT penetration in APAC.
With sound legal and organisational awareness, Singapore ranks consistently high across all measures of preparedness.
Strong cyber-legislation and high rates of R&D are also traits shared by:
- Australia – fourth most exposed and third for preparedness;
- New Zealand – fifth for both most exposed and preparedness;
- South Korea – second most exposed and sixth for preparedness; and
- Japan – third most exposed and second for preparedness.
Malaysia is ahead of its peers with a similarly low level of exposure but strong regulatory cooperation and a comprehensive privacy regime despite less impressive relative organisational capability.What governments can do
Cybersecurity executives currently spend 7% of their time on regulatory and compliance, and twice the amount of time on cyber-monitoring and operations.
A safer and lower risk cyber-environment can help to redirect their attention to more critical cyber-domains.
Governments across the region have a range of tools to help organisations better prepare for cyber-threats and get their digitalisation projects back on track:
Leading by example – Governments are the fastest-growing spenders on security in the region.
With critical digital services increasingly central to governments around the region, spending alone is not sufficient. Lawmakers should consider broader governance structures that support any cyber-strategy from transformation to compliance to talent recruitment.
Regulatory harmonisation – Cybercrimes can originate from any part of the world and are often difficult to investigate and prosecute.
Regulatory harmonisation between sectors facilitates proactive cybersecurity strategies that contribute to stronger preparedness across the region, and ultimately lead to greater enforcement of local laws—even in foreign jurisdictions.
Procurement – Government procurement practices have an influence on the broader private sector.
By implementing minimum cybersecurity criteria, there is an opportunity to identify potential flaws in the sourcing process and reduce the overall costs of responding to a cyberattack.
Reporting – Regional variation in reporting standards increases the regulatory burden on businesses operating in the region.
Reporting regulation must ensure companies operate under the best standards of data protection without imposing burdensome restrictions on their day-to-day operations.
Developing skills – APAC represents the largest regional skills shortage in the world with 2.6 million fewer workers than required.
In comparison, the second-largest shortage found in Latin America which requires another 600,000 workers. This presents tremendous opportunity to implement specialised cybersecurity training, both those entering higher education and those retraining or upskilling.