Regional director of JLT Risk Consulting in Asia, Craig Paterson, lists the biggest cyber challenges faced by organisations in the region

Cyber risks are uncharted waters for many companies. While management may be aware of these types of risks, they may not fully understand their potential exposure or how such risks can be mitigated. The very act of defining cyber risks has, in itself, been one of the most difficult issues for many organisations.

Here are the 10 most challenging cyber risks that I believe organisations in our region face – from least problematic at number 10, to the biggest challenge at number 1:

10. Cyber-crime capabilities The abilities of cyber-criminals are constantly improving, making it harder for companies to protect themselves. By understanding what cyber-criminals are looking to achieve, mitigation activities can be focused on the most exposed areas.

9. Cost constraints Cyber security can easily become an ever-increasing budget cost that can spiral out of control. Understanding how much to spend, what to spend it on and what the return on investment is will be key for companies looking to reduce their exposures. With competing budgets for scarce resources, value-for-money will be key.

8. New connectivity There is a need to better understand not just potential future technology, but also what it could be used for. This will drive how cyber-related risks are managed and ensure a business has the necessary secure infrastructure in place to meet developing customer tastes.

7. Disaster-recovery planning Should a major incident occur, it is prudent to have in place the necessary recovery plans to ensure the continuity of, or limited disruption to, operations. These plans should cover both physical requirements as well as being able to limit reputational damage.

6. Third-party service providers/outsourcing As technology continues to ‘splinter’ and more activities are outsourced to third parties, the number of smaller players who are engaged will increase. Managing these providers will become difficult unless enabler partnerships are developed.

5. Intellectual property rights Increasing focus on innovation has led to more intellectual-property challenges as companies look to differentiate themselves from competitors. This can include business models, operating structures, patents, and new products and services.

4. Training and awareness Having policies and procedures in place is only part of the solution; employees need to be fully aware of these and the implications of the actions they may take. Many are not aware of how social media can cause reputational damage, where even the most insignificant of comments can go viral in an instant.

3. Mobile applications Smartphone applications, social media, bring your own device (BYOD), and so on, are only glimpses of future technology. It is important to understand how they work, what risks they present, and how these can be addressed, while at the same time limiting unacceptable exposures.

2. Data protection/privacy/regulatory requirements As new technologies develop and existing ones expand, the regulatory ecosystem will change (and differ from country to country). Some of these changes can be predicted but others will be based on technology changes and/or government intervention. There is a need to keep ahead of regulatory requirements in relation to cyber activities.

And in top spot…

1. Network/cyber security This is a key starting point for any organisation and covers the ‘intangible’ security protections needed to limit hacking, attacks, denial of service, or theft of sensitive information. Most organisations recognise the need to have a first line of defence in this area and will have a full suite of protective measures in place.

Jardine Lloyd Thompson Asia’s Risk Consulting Practice offers a broad suite of risk-management services and solutions to address all forms of risks faced by organisations. Craig Paterson’s role at JLT Asia is to design, deliver and project-manage risk-consulting resources within the region. He can be contacted at