Research throughout the world is pointing to Asia-Pacific as both the source and the victim of cyber-crime. Willis Towers Watson’s regional associate director, cyber, Jessica Wright tells StrategicRISK why a lack of awareness could prove extremely costly for businesses in the region.
In Asia, factors such as the lack of transparency, weak cyber regulations, low awareness, and hierarchical organisation structures have exposed both public and private organisations to a risk of a cyber-related losses.
The Pacific region is not dissimilar, with Australia and New Zealand historically being sheltered from many global phenomena due to their distant geographical location – but as we know, cyber risk is not restricted by physical borders.
The prevalence of publically disclosed incidences in APAC is continuously rising year-on-year. In the first half of 2017, Trend Micro blocked 82 million ransomware threats, with 35.7% of these targeting APAC entities - the highest of all regions.
Despite real losses having been sustained by many organisations in the region, companies continue to believe that they will not be the ones to be affected. Relying on the word of the IT team that the company network is fully protected, believing only large US and European companies are exposed, and having certainty that an attack would not cause a large loss to the organisation are all common arguments used against investing further in cyber security.
This lack of awareness could prove extremely costly from an economic perspective, and has in turn encouraged governments and policy-makers throughout the region to educate and legislate consumers and businesses – but there is still a long way to go.
Organisations should have fully integrated, comprehensive plan that emphasises people, capital and technology protections to effectively manage cyber risk across the enterprise and ensure resiliency.
Even with prudent controls in place, consistent employee training and exemplary IT staffing and performance, the dark side of digital connectivity will eventually find its way in, and organisations must be prepared to respond effectively and efficiently.
Board-level support is essential to ensure this is being adequately addressed as an enterprise wide risk – in fact, it is part of a directors’ fiduciary duties to do so.
For those organisations that haven’t experienced a cyber loss, envisioning the financial and reputational effect of an incident can prove difficult. Partnering with third party experts who can assist with identifying, quantifying and addressing all aspects of cyber risk is fundamental to building a cyber resilient organisation.