Asia could be placing all the wrong cybersecurity bets

Only 12% of companies in Asia quantify their financial exposure to cyber threats, less than half the global average of 26% according to a recent study by Microsoft and Marsh.

CSO  >  danger / security threat / malware / frustrated businessman overwhelmed by infected files
cyano66 / Getty Images

Over two-thirds (69%) of security leaders in Asia are confident about their organization’s cybersecurity resilience, even as 48% also admit that there is still room for improvement, a new joint study by Microsoft and risk advisory firm Marsh has found.

The Asian edition of The State of Cyber Resilience report, which had over 660 participants, including CEOs, CISOs, and risk managers, revealed that companies in Asia have experienced a far higher number of privacy breaches (28%) and denial of service attacks (21%) as compared to their global peers (18% and 14% respectively).

Companies in Asia perceived privacy breaches or the loss of data as their top security concerns, while globally ransomware was observed as the biggest concern among organizations. As such, data loss is a critical concern that needs to be addressed and factored into cyberrisk management strategies, the report said.

Contrary to global standards, only 58% of the respondents in Asia considered ransomware amongst their top cybersecurity concerns.

Earlier this year, a report by IBM Security revealed ransomware as the top global attack type, contributing 20% to overall cyberattacks. Phishing and vulnerability exploits were found to be the top infection vectors for ransomware.

Companies in Asia have a passive approach to security

The study also found Asian organizations to have a passive approach to responding to cybersecurity incidents, focused largely on post-mortem evaluation.

One in three (34%) organizations in Asia admitted to not having endpoint detection and response, a key insurance requirement. Additionally, 26% of the companies in the region have not made improvements to their devices in the past 12 months, compared to just 9% of organizations globally.

More than a third (35%) of respondents in Asia evaluate a new technology for cyberrisks only when a cyberattack or incident has occurred. Also, 62% of the companies in Asia have placed a stronger emphasis on conducting a post-mortem review after an attack in the last 12 months.

Asia’s highly contrasting approach has possibly led to a denial or miscalculated stance on its cybersecurity preparedness and calls for an immediate revisiting of security approaches for the region, the report pointed out.

"It is worrying to see that 1 in 3 of organizations in Asia do not have endpoint detection and this would place those organizations’ potential insurability on the line. More than ever before, organizations need to place more emphasis on controls to help mitigate their cyberrisks," said Faizal Janif, head of Asia Pacific cybersecurity advisory services at Marsh Advisory.

Companies need to quantify cybersecurity risks

The study added that only 12% of companies in Asia quantify financial exposure to cyberrisk, a key metric while evaluating cyberthreats. This is the least among all geographies and less than half of the global average (26%).

When questioned, 80% of respondents reported ‘lack of talent’ and 53% ‘lack of data’ to be the main reasons for such oversight. Moreover, 30% of the respondents pointed to an overall lack of cyberawareness and training in their organizations.

Copyright © 2022 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)