A Microsoft and Frost & Sullivan study* has revealed that:
• A large-sized organisation in Singapore could incur an economic loss of US$13.8 million from a cyberattack, more than 70 times the average economic loss for a mid-sized organisation
• Cyberattacks have led to job losses in six in 10 (57%) organisations over the last year, against 67% in the wider Asia Pacific region;
• Cybersecurity concerns delay digital transformation plans; and
• Organisations are increasingly leveraging artificial intelligence (AI) to enhance their cybersecurity strategies
A Frost & Sullivan study commissioned by Microsoft has revealed that the potential economic loss in Singapore due to cybersecurity incidents can hit US$17.7 billion. This amounts to 6% of Singapore’s total GDP at US$297 billion**.
The study, Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World, aims to provide business and IT decision makers with insights on the economic cost of cybersecurity breaches in the region and identify the gaps in organisations’ cybersecurity strategies. The study was conducted with 1,300 business and IT decision makers ranging from mid-sized organisations (250 to 499 employees) to large-sized organisations (> 500 employees) across the Asia Pacific region, including 100 from Singapore.
Key findings from the study showed that more than half of the organisations surveyed in Singapore have either experienced a cybersecurity incident (20%) or are not sure if they had one as they have not performed proper forensics or data breach assessment (33%).
“As companies increasingly embrace the opportunities presented by the intelligent cloud and the intelligent edge, they must also embrace modern mindsets and approaches to security,” said Richard Koh, CTO, Microsoft Singapore.
“With traditional IT boundaries disappearing, cybercriminals are finding different ways to break into companies’ IT and operational technology (OT) assets. And if companies do not take active steps to modernise their platforms to secure identities, devices, apps and data estate, and infrastructure, they will be easy prey for cyberattacks, face the risk of significant financial loss, as well as sometimes long-term damage to customer satisfaction and market reputation — which some recent high-profile breaches have demonstrated.”
According to Koh, security needs to be built from the ground up, and partnerships such as with government agencies will be required for new breakthroughs.
The study found that:
• A large-sized organisation in Singapore could incur an economic loss of US$13.8 million from a cyberattack, more than 70 times the average economic loss for a mid-sized organisation
• Cyberattacks have led to job losses in six in 10 (57%) organisations over the last year, against 67% in the wider Asia Pacific region;
• Cybersecurity concerns delay digital transformation plans; and
• Organisations are increasingly leveraging artificial intelligence (AI) to enhance their cybersecurity strategies
A Frost & Sullivan study commissioned by Microsoft has revealed that the potential economic loss in Singapore due to cybersecurity incidents can hit US$17.7 billion. This amounts to 6% of Singapore’s total GDP at US$297 billion**.
The study, Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World, aims to provide business and IT decision makers with insights on the economic cost of cybersecurity breaches in the region and identify the gaps in organisations’ cybersecurity strategies. The study was conducted with 1,300 business and IT decision makers ranging from mid-sized organisations (250 to 499 employees) to large-sized organisations (> 500 employees) across the Asia Pacific region, including 100 from Singapore.
Key findings from the study showed that more than half of the organisations surveyed in Singapore have either experienced a cybersecurity incident (20%) or are not sure if they had one as they have not performed proper forensics or data breach assessment (33%).
 |
| Richard Koh, CTO, Microsoft talks about the many sources of data Microsoft uses to gain security insights. |
“As companies increasingly embrace the opportunities presented by the intelligent cloud and the intelligent edge, they must also embrace modern mindsets and approaches to security,” said Richard Koh, CTO, Microsoft Singapore.
“With traditional IT boundaries disappearing, cybercriminals are finding different ways to break into companies’ IT and operational technology (OT) assets. And if companies do not take active steps to modernise their platforms to secure identities, devices, apps and data estate, and infrastructure, they will be easy prey for cyberattacks, face the risk of significant financial loss, as well as sometimes long-term damage to customer satisfaction and market reputation — which some recent high-profile breaches have demonstrated.”
According to Koh, security needs to be built from the ground up, and partnerships such as with government agencies will be required for new breakthroughs.
The study found that:
• A large organisation in Singapore could incur an economic loss of US$13.8 million, more than 70 times higher than the average economic loss for a mid-sized organisation (US$177,000); and
• Cybersecurity attacks have resulted in job losses across different functions in six in 10 (57%) organisations that have experienced an incident over the last 12 months.
To calculate the cost of cybercrime, Frost & Sullivan has created an economic loss model based on
macroeconomic data and insights shared by survey respondents. This model factors in three kinds of losses which could be incurred due to a cybersecurity breach:
• Direct
Financial losses associated with a cybersecurity incident - this includes loss of productivity, fines, remediation costs, etc.;
• Indirect: The opportunity costs to the organisation such as customer churn due to reputation loss; and
• Induced: The impact of the cyber breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending.
Edison Yu, VP and Asia Pacific Head of Enterprise for Frost & Sullivan, said that enterprises must think about which cyberthreats are making the largest impact, rather than how many attacks they sustain.
“Although the direct losses from cybersecurity breaches are most visible, they are but just the tip of the iceberg,” he said. “There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organisations suffering from cybersecurity attacks can be often underestimated.”
In addition to financial losses, cybersecurity incidents are also undermining Singapore organisations’
ability to capture future opportunities in today’s digital economy, with one in two (52%) respondents stating that their enterprise has put off digital transformation efforts due to the fear of cyber-risks.
Although high-profile cyberattacks such as ransomware have been garnering a lot of attention from enterprises, the study found that for organisations in Singapore that have encountered cybersecurity incidents, data corruption and online brand impersonation are the biggest concerns as they have the highest impact with the slowest recovery.
Besides external threats, the research also revealed key gaps in organisations’ cybersecurity approaches to protect their digital estate:
• Considering security as an afterthought
Despite encountering a cyberattack, one in four (25%) organisations consider cybersecurity before the start of a digital transformation project, as compared to almost one in two (46%) organisations that have not encountered a cyberattack. The rest of the organisations either think about cybersecurity only after they start on the project, or do not consider it at all. This limits their ability to conceptualise and deliver a “security-by-design” project, potentially increasing their exposure to cyberattacks;
• Creating a complex environment
While it seems logical that deploying more cybersecurity solutions means stronger protection, the survey actually revealed that only 29% of respondents with more than 50 cybersecurity solutions recovered from cyberattacks within an hour, or that the majority took over an hour to recover. In contrast, 38% with fewer than 10 cybersecurity solutions said that they can recover from cyberattacks within an hour. In fact, 45% of those with more than 50 solutions took more than a day to recover, compared to 29% of those with under 10 solutions.
• Lacking cybersecurity strategy
While more organisations are embarking on digital transformation to gain competitive advantage, the study has shown a significant risk from introducing too many tools and complexity to the environment. This is especially true if tools within the suite are well-integrated to take advantage of their counterparts.
Yu said the more solutions there are, the more complex the cyberdefence, and the more challenging it is to find people who can support the platform. If the solutions do not talk to each other, a single cyberattack using multiple vectors may not be viewed as an attack or treated as seriously as well. "There is no single pane of visibility and control," he said.
• Assessment, review and continuous compliance
The organisation should be in a continuous state of compliance. Yu observed that cybersecurity used to be implemented for compliance, it is now being considered for business enablement and to safeguard the business from cyber risks. "Some are saying that 'compliance' is another word for 'complacency'," he said.
Assessments and reviews should be conducted regularly to test for potential gaps that may occur as the organisation is rapidly transforming and address these gaps. The board should keep tab on not just compliance to industry regulations but also how the organisation is progressing against security best practices; and
• Leverage AI and automation to increase capabilities and capacity
With security capabilities in short supply, organisations need to look to automation and AI to improve the capabilities and capacity of their security operations. Current advancements in AI have shown
a lot of promise, not just in raising detections that would otherwise be missed but also in reasoning over how the various data signals should be interpreted with recommended actions. Such systems have seen great success in cloud implementations where huge volumes of data can be processed rapidly. Ultimately, leveraging automation and AI can free up cybersecurity talents to focus on higher-level activities.
 |
| Source: Microsoft infographic. Losses from cyberattacks in Singapore can come from direct, indirect or induced sources. |
Download the Microsoft Security Intelligence Report Volume 23
*Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World, conducted by Frost & Sullivan in partnership with Microsoft Asia, involved a survey conducted with 1,300 respondents from 13 markets - Australia, mainland China, Hong Kong, Indonesia, India, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan and Thailand. All respondents are business and IT decision-makers involved in shaping their organisations’ digital strategy. Forty-four percent of them are business decision-makers, including CEOs, COOs and directors, while 56% are IT decision-makers, including CIOs, CISO and IT Directors. A third (29%) of participants are from mid-sized organisations (250 to 499 staff); and 71% are from large-sized organisations (more than 500 staff).
**World Bank Asia Pacific GDP
No comments:
Post a Comment