Kroll, the leading independent provider of global risk and financial advisory solutions, today announced its report State of Incident Response: Asia Pacific. The report finds that businesses in Asia Pacific and the Philippines are feeling the impact of cyberattacks, but many are yet to build appropriate response plans or have regular access to relevant cyber expertise. One of the notable findings is that 3 out of 4 businesses in the Philippines have experienced a cyberattack, much higher than the APAC average of 59%.
Kroll launched the State of Incident Response: Asia Pacific report which sets out how the APAC market has been impacted by cyber vulnerabilities, highlights cyber incident patterns for the region and proposes actionable priorities for the businesses
Key Philippine Findings:
75% of organizations in the Philippines have experienced a cyber incident, coming second as most cyber-vulnerable market in the APAC region Malware (29%) and phishing (21%) rank top as the most common cause of cyber incidents in the Philippines.
The two most cited impacts of a cyber incident in the Philippines were business interruption (60%) and data loss (59%). Regulatory fines (29%) as a consequence of cyberattacks was also most cited for the Philippines when compared to the rest of markets.
The greatest concern among organizations in the Philippines is data loss (70%). Compared to other markets across APAC, however, respondents were also much more concerned about theft of intellectual property (60%).
Jay Gomez, Senior Vice President, Cyber Risk, Kroll, said: “Cyber attackers will seek out any country that has vulnerabilities, and we can see that all APAC markets are affected by this to an extent. 3 in 4 Philippine businesses have experienced a cyberattack, mostly because of malware and phishing scams. Despite the number of cyber incidents, many companies still do not have a response plan in place if an incident were to occur, which leaves companies at the risk of being unable to handle an incident effectively and of being vulnerable to further attacks. However, we are pleased to see a trend of businesses upgrading their software and training their employees as preventive measures, but businesses need to accelerate this further to better protect themselves, particularly on monitoring and detection.”
Ely Tingson, Senior Vice President for Cyber Threat Intelligence Philippines, Kroll, also shared: “As we become an increasingly more digital world, our regulatory landscape is understandably still evolving to better protect data of users. What is important now is that organizations in the Philippines are also able to evolve, for example, through a virtual chief information security officer (vCISO) program and through adopting a more proactive and resilient cyber security posture by engaging in cyber threat intelligence and incident response services to efficiently and effectively mitigate potential damage.”
Overall findings of the report include:
In response to a cyber incident, 36% of organizations in Asia Pacific did not have an incident response playbook, a plan or policies in place, 38% did not have an appointed data protection officer or access to cyber security specialists on a retainer in Asia Pacific.
The two most cited impacts of a cyber incident were data loss (51%) and business interruption (49%).
In order to address cybersecurity threats, the majority of organizations were planning to increase budgets (64%) and were moving to the cloud (65%).
Paul Jackson, Regional Managing Director of Asia Pacific, Cyber Risk, Kroll, said: “I am glad to see that businesses have focused on continuity and operational stability during the pandemic, but we continue to recommend that companies consider scaling up investment in cyber expertise to prepare for ‘when’ rather than ‘if’ an incident occurs. A combination of having mitigation measures brought about by considered investment in cyber security, together with a trusted cyber security advisor, will go a long way to reducing the impact of cyberattacks and enable businesses in Asia Pacific to recover more quickly. After all, the worst time to plan for an attack is during one.”
Local market variations include:
Australia was the least likely to have an incident response plan in place, and Hong Kong was the most likely.
Malaysia and the Philippines suffered the most incidents, while Hong Kong suffered the least.
Data loss was a concern across the board, but those in Indonesia were also more worried than others about the reputational damage of an incident. Singaporean businesses were primarily worried about business interruption.
To understand how each market fared in the State of Incident Response: Asia Pacific report, read the full report with market breakdowns here.
The report was commissioned by Kroll and conducted by Opinium. It surveyed 700 decision-makers in IT, risk, security and legal professionals evenly split across the following Asia Pacific markets: Hong Kong, Singapore, Malaysia, Philippines, Australia, Indonesia and Japan.