Cyberattacks Impact More Than 60% Of Companies In Asia & Privacy Breach Tops The List

DigitalCFO Newsroom | 29 June 2022

Marsh, Microsoft Survey, revealed that over 3 in 5 companies in Asia have been impacted by cyber attacks.

In Asia, nearly 7 in 10 companies are confident about their cyber resilience despite rapid digital transformation, rising number of cyberattacks, and increasing modes of cyber threats. However, nearly half (48%) admit that there is still room for improvement when it comes to cyber hygiene measures essential to managing cyber risks. This is according to a new report published today by Marsh, the world’s leading insurance broker and risk advisor, and Microsoft Corp., a leading platform and productivity company for the mobile-first, cloud-first world.

The report, The State of Cyber Resilience, questioned over 660 cyber risk decision makers globally and analyses how cyber risk is viewed by various functions and executives in leading organisations, including cybersecurity and IT, risk management and insurance, finance, and executive leadership.

The report revealed that over 3 in 5 companies (64%) in Asia have been impacted by cyber attacks. Among various forms of cyber threats, nearly 7 in 10 respondents (68%) called out privacy breach as their top concern, followed by ransomware (58%). When asked about the reasons that put their organisations at risk of cyber attacks, over half (57%) of the respondents in Asia stated ‘home and remote working’, followed by ‘personal devices or apps used by employees’ (52%), ‘use of cloud infrastructure and platforms’ (46%) and ‘customer-facing digital products, apps, eCommerce platforms used by their organisations’ (46%). Our findings suggest that Asia companies are not as well-prepared as they might think they are, with data showing the lack of cybersecurity risk controls in place – a requirement for insurance programs.

“It is worrying to see that 1 in 3 of organisations in Asia do not have endpoint detection and this would place those organisations’ potential insurability on the line. More than ever before, organisations need to place more emphasis on controls to help mitigate their cyber risks,” said Faizal Janif, Head of Cyber Advisory Asia Pacific, Marsh Advisory.

Further, many organisations are still struggling to understand the risks posed by their vendors and digital supply chains as part of their cybersecurity strategies. Globally, only 36% of respondents stated that they have fully audited and verified the technical and operational measures taken by their vendors or supply chain. Asia businesses displayed higher levels of awareness of the risks associated with their vendors and digital supply chains, with 1 in 2 respondents (56%) conducting the full audit on their vendors or supply chain.

Other findings from Asia include:

  • Only 12% of companies quantify financial exposure to cyber risk, less than half the global average of 26% and the lowest among all geographies.
  • Among the companies in Asia that do not measure cyber risk, 4 in 5 (80%) cited the lack of talent and over half (53%) thought lack of data was the reason.
  • Companies in Asia tend to take a more passive approach when evaluating new technology for cyber risks. More than 1 in 3 respondents in Asia (35%) conduct the evaluation only when a cyberattack or incident has occurred, compared to 17% globally.
  • Although 95% of cyber breaches are primarily caused by human error, 30% of respondents in Asia said their organisations do not currently have cybersecurity awareness and training.
  • Compared to the global average (35%), companies in Asia (62%) place a stronger emphasis on conducting post-mortem incident review, resiliency study and business interruption valuation after a cyberattack in the past 12 months.

Sean Letz, Asia Cyber Leader, Marsh Specialty, said: “Companies in Asia need to get better understanding of their cyber risk profile and cyber risk exposures using proven quantitative approaches. Organizations need to stay vigilant and cultivate a holistic cyber risk management approach and develop and maintain robust cyber hygiene among all of the organisation’s technology users and throughout their supply chain.”