Lack of Cyber Incident Response Plans Endemic in Asia-Pacific, Impacting Data Security and Reputation

A third of APAC businesses lack a cyber incident response plan and the requisite knowledge.
Data breaches and other cyber event concerns have recently made news in various nations, including Australia, Malaysia, Singapore, and the Philippines. The severity of the breaches in certain nations has prompted their governments to consider new ways to strengthen rules and hold businesses accountable for protecting their citizens’ personal information.

Cybercriminals are also getting more daring. They are no longer just going after private businesses, but also government agencies and even the healthcare and education industries. Ransomware attacks and attacks on supply chains are getting worse, and most of the data that gets stolen ends up being sold on the dark web for very low prices.

Consequently, organizations in the area should improve their cyber incident response plan and their ability to respond to cyber attacks. On the other hand, it’s possible that this isn’t the case for one in three companies in Asia and the Pacific (APAC).

According to the results of Kroll’s State of Incident Response: Asia Pacific report, cyberattacks have affected all kinds of businesses in Asia Pacific, but many of them haven’t yet built appropriate response plans or have regular access to relevant cyber expertise.

According to the report, 59% of APAC companies surveyed have had a cyber incident, and 32% have had several occurrences. For comparison, a prior Kroll poll found that 93% of American businesses had experienced a data breach during the previous 12 months. It is important to note, however, that the regulatory environment and data protection in APAC are often less established than in developed markets such as the United States, and so this may understate the number of cyber incidents that are being reported.

Although the regulatory environment in APAC may be less developed than in the United States, firms would benefit greatly from having access to this expertise. Having personnel who can assist management teams in understanding the requirements of a proper cyber risk posture is invaluable for mitigating possible damage, according to James McLeary, managing director of Cyber Risk at Kroll.

The report also found that 36% of Asia Pacific firms had no cyber incident response playbook, plan, or rules. In Asia Pacific, 38% of organizations lacked a data protection officer and cyber security specialists on retainer.

Unsurprisingly, data loss (51%) and business interruption (49%) were the most frequently stated effects of a cyber event. The majority of firms intended to boost their budgets (64%) and migrate to the cloud (65%) in order to combat cyber security concerns.

In APAC, Australia had the fewest incident response plans, while Hong Kong had the most. Companies in Malaysia and the Philippines experienced the most incidences, while Hong Kong companies experienced the fewest. While companies everywhere worried about data loss, those in Indonesia were especially concerned about the impact any such catastrophe could have on their image. On the other hand, Singaporean companies worry more about business interruption.

Paul Jackson, Regional Managing Director of Asia Pacific, Cyber Risk at Kroll, believes that while businesses have prioritized continuity and operational stability during the pandemic, they should consider increasing their investment in cyber expertise to prepare for “when” rather than “if” an incident occurs.

The combination of investment in cyber security mitigation measures and a trusted cyber security advisor will go a long way toward lowering the impact of cyberattacks and allowing firms in the Asia Pacific to recover more rapidly. Jackson said that the worst moment to plan for an assault is during one.