cyber risks

(Photo by Mohd RASFAN / AFP)

Cyber risks in APAC remain high; more data breaches expected over next 12 months

  • Globally, 86% of Trend Micro survey respondents believed that their organizations may be breached in the next 12 months
  • The top five cyber threats in APAC include ransomware, watering hole attacks, advanced persistent threats, malicious insiders, and file-less attack

Due to increasing cyber risks from remote working over the past year, most organizations have taken additional cybersecurity measures to protect their employees and infrastructures. Cybersecurity spending has indeed increased in the last 12 months as well with organizations looking towards securing remote worker devices and protecting the network.

However, the reality is, cybercriminals are still able to wreak havoc on organizations. Employees are still the weakest link today, just as they were before the pandemic saw a shift to remote work. Cybercriminals are also getting smarter in bypassing security protocols to target their victims.

According to findings from Trend Micro’s Biannual Cyber Risk Index report, the risks of cyber attacks have increased in the past year and will only continue to increase in the future. The report surveyed more than 3,600 businesses of all sizes and industries across Asia-Pacific, North America, Europe, and Latin America.

For Dr. Larry Ponemon, CEO of the Ponemon Institute, “Businesses globally can use this resource to prioritize their security strategy and focus their resources to best manage their cyber risk. This type of resource is increasingly useful as harmful security incidents continue to be a challenge for businesses of all sizes and industries.”

Cyber risks still at all-time high

North American companies saw the highest increase in cyber risk with the Asia Pacific being the next highest. More worrying was that 86% of the respondents believed that their organizations may be breached in the next 12 months, with 25% experiencing 7 or more successful attacks in the past 12 months as well. This indicated a critical gap in breach detection capabilities.

In the Asia Pacific, the top five cyber threats highlighted included ransomware, watering hole attacks, advanced persistent threats, malicious insiders, and fileless attacks. For infrastructures, malicious and negligent insiders as well as cloud computing infrastructure providers and organizational misalignment were the top cyber risks.


APAC organizations also ranked the top three negative consequences of an attack. Be it disruption or damages to critical infrastructure, lost intellectual property, or cost of outside consultants and experts, all these consequences will not only require huge recovery costs but can also damage business reputation.

In Malaysia, the report showed also that 58% of Malaysian organizations believe that it was somewhat too very likely that they’d suffer serious cyberattacks in the next 12 months. To make matters more concerning, 30% suffered more than seven cyberattacks that infiltrated networks/systems and 14% had more than seven data breaches of information assets. 21% of organizations also suffered more than seven breaches of customer data over the past year.

Is a shortage of skilled security leaders a reason?

For most organizations, the biggest challenge is cybersecurity preparedness as there is still a shortage of security leaders and skilled workforce in ensuring the best practices of cybersecurity. Organizations are also struggling to enable security technologies that are sufficient to protect their data assets and IT infrastructure.

“To lower cyber risks, organizations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms,” said Goh Chee Hoh, Managing Director for Trend Micro Malaysia and Nascent Countries.

According to McKinsey, over 90% of executives across the world are facing digital skills gaps in their workforces. This is a particular blight of the APAC region, where a majority of workforces are employed by SMEs. These SMEs have tended to put off digitalization efforts in past years, perhaps due to a misconception that such a shift would entail high costs.

From security engineers to CISOs to even IT technicians, the shortage is one of the reasons why companies feel they are vulnerable to cyber-attacks. While there are managed service providers that can help with some security, businesses still feel it’s insufficient for them to fully protect their company.