(Source – Shutterstock)

A third of APAC organizations lacking cyber incident response plan and expertise

Australia, Malaysia, Singapore, and the Philippines are just some of the many countries making headlines recently for experiencing data breaches and other cyber incident threats. Breaches in some countries have become so severe that governments are also now looking at how they can enhance regulations so that organizations are more accountable for their customer data.

Cybercriminals are also becoming increasingly daring and are no longer just targeting private organizations but are also after government agencies and even healthcare and education industries. Supply chain disruption and ransomware attacks continue to increase as most of the data breached ends up being sold on the dark net for really cheap prices as well.

As such, businesses and agencies in the region are expected to boost their cyber incident response plan and expertise to deal with such events. However, that may not be the case for a third of businesses in Asia Pacific (APAC).

According to findings from Kroll’s State of Incident Response: Asia Pacific report, businesses in Asia Pacific are feeling the impact of cyberattacks, but many are yet to build appropriate response plans or have regular access to relevant cyber expertise.

From the report, over half of all organizations interviewed in APAC (59%) have experienced a cyber incident, of which a third (32%) have suffered multiple incidents. This compares to 93% of organizations that had suffered a compromise of data in the U.S. during a 12-month period, according to a previous survey commissioned by Kroll. It is worth noting, however, that the regulatory landscape and data protection in APAC is generally less established than in developed markets such as the U.S. and thus this may understate the number of cyber incidents being reported.

“While the regulatory landscape in APAC may be less developed than in the U.S., organizations would definitely benefit from having access to this expertise. Whether it is in-house, on retainer—for example, through a virtual chief information security officer (vCISO) program—or through third parties, having people who can assist management teams in navigating the requirements of an appropriate cyber risk posture can be invaluable to mitigate potential damage,” stated James McLeary Managing Director, Cyber Risk at Kroll in the report.

Summary of APAC statistics (Source – Kroll)

The report also highlighted that in response to a cyber incident, 36% of organizations in the Asia Pacific did not have an incident response playbook, a plan, or policies in place. 38% did not also have an appointed data protection officer or access to cyber security specialists on a retainer in Asia Pacific.

Unsurprisingly, the two most cited impacts of a cyber incident were data loss (51%) and business interruption (49%). In order to address cyber security threats, the majority of organizations were planning to increase budgets (64%) and were moving to the cloud (65%).

Looking specifically at countries in APAC, businesses in Australia were the least likely to have an incident response plan in place, and those in Hong Kong were the most likely. Companies in Malaysia and the Philippines suffered the most incidents, while those in Hong Kong suffered the least. Data loss was a concern across the board, but those businesses in Indonesia were also more worried than others about the reputational damage of an incident. Singaporean businesses were primarily worried about business interruption.

For Paul Jackson, Regional Managing Director of Asia Pacific, Cyber Risk at Kroll, while businesses have focused on continuity and operational stability during the pandemic, companies need to consider scaling up investment in cyber expertise to prepare for ‘when’ rather than ‘if’ an incident occurs.

“A combination of having mitigation measures brought about by considered investment in cyber security, together with a trusted cyber security advisor, will go a long way to reducing the impact of cyberattacks and enable businesses in the Asia Pacific to recover more quickly. After all, the worst time to plan for an attack is during one,” added Jackson.

The report was commissioned by Kroll and conducted by Opinium. It surveyed 700 decision-makers in IT, risk, security, and legal professionals evenly split across the following Asia Pacific markets: Hong Kong, Singapore, Malaysia, Philippines, Australia, Indonesia, and Japan.