APAC businesses putting digitalisation on hold

Photo by Marius Masalar CyFBmFEsytU Unsplash

Research shows companies in the region could miss out on US$145bn in GDP growth in the next decade.

Up to three in five businesses in the Asia Pacific region have put off digitalisation plans out of fear of cyberattacks, according to the Deloitte Cyber Smart: Enabling APAC businesses report, commissioned by VMware.

The report analyses cyber exposure, preparedness and economic opportunity across 12 economies in the APAC region.

Digitalisation offers game-changing productivity improvements, savings and consumer convenience but businesses and governments must be properly prepared. The growing speed and scope of digital transformation, along with the increasing number of targetable devices, are creating a ‘perfect storm’ for cyberattacks

According to the report about 48 per cent of businesses in the region have experienced security attacks in the past 12 months and as many as 63 per cent have experienced business interruption due to a security breach.

Effects of an attack can be long lasting and expensive,” states the report. “Large organizations with more than 500 employees in APAC may stand to lose as much as US$30 million in the event of a cyber breach. Threats can also flow beyond individual organizations affected to broader business networks using ‘island hopping’ tactics.”

Duncan Hewett, senior vice president and general manager of Asia Pacific and Japan at VMware said as the digital economy continues to grow in each country, so too does the exposure to cyberattacks.

Being appropriately prepared can mitigate the risks to organizations and minimize the potential costs of an attack,” he said. “Based on what we have seen in the region, businesses with an established cyber security strategy in place have confidence to invest in new technologies which can lead to higher levels of capital investment and productivity growth.”

The report shows the challenge for policy makers is to build a comprehensive legislative framework and environment that protects businesses from cybersecurity risks whilst allowing them to innovate and maximize the potential of digital technologies.

John O’Mahony, partner and lead author of the research from Deloitte Access Economics in Australia said interest from government, business owners, and vertical experts in building a cyber smart Asia Pacific can unlock as much as 0.7 percent or US$145 billion additional GDP growth over the next ten years.


According to the Deloitte Cyber Smart Index 2020 examines the level of cyber risk exposure faced by countries in the region, and the degree of cyber preparedness.

Focusing on the inherent exposure to cyberattacks, the Index looks at the size of attack surface, the frequency of attack and value that is at risk. Within the preparedness measure, the Index looks beyond legal and policy environment to examine how businesses can be better prepared for the growing cyber risks.

Singapore tops the rank as both the most prepared and the most exposed country in APAC, with highest rate of ICT penetration in APAC. With sound legal and organisational awareness, Singapore ranks consistently high across all measures of preparedness.

Strong cyber legislation, and high rates of R&D are also traits shared by South Korea, Australia, New Zealand, and Japan that ranked high on country preparedness.

Malaysia is ahead of its peers with similarly low level of exposure but strong regulatory cooperation and a comprehensive privacy regime despite less impressive relative organizational capability.

Despite ranking low in exposure (11th), Vietnam experiences the highest frequency of cyberattacks. The lack of comprehensive legislation to deal with data security and privacy means the country is underprepared for cyberattacks.

After Vietnam, Thailand experiences the second highest frequency of cyberattacks in the region. The growing use of online devices and interest in cryptocurrencies are expected to worsen Thailand’s exposure to risk.

According to Deloitte, cybersecurity executives currently spend seven percent of their time on regulatory and compliance, and twice the amount of time on cyber monitoring and operations.

A safer and lower risk cyber environment can help to redirect their attention to more critical cyber domains.

Governments across the region have a range of tools to help organizations better prepare for cyber threats and get their digitalisation projects back on track:

  1. Leading by example

Governments are the fastest growing spenders on security in the region.[8] With critical digital services increasingly central to governments around the region, spending alone is not enough. Lawmakers should consider broader governance structures that support any cyber strategy from transformation to compliance to talent recruitment.

    2.  Regulatory harmonisation 

Cybercrimes can originate from any part of the world and are often difficult to investigate and prosecute. Regulatory harmonisation between sectors facilitates proactive cyber security strategies that contribute to stronger preparedness across the region, and ultimately lead to greater enforcement of local laws—even in foreign jurisdictions.

    3.  Procurement

Government procurement practices have an influence on the broader private sector. By implementing minimum cyber security criteria, there is an opportunity to dentify potential flaws in the sourcing process and reduce overall costs of responding to a cyberattack.

    4.  Reporting

Regional variation in reporting standards increases the regulatory burden on businesses operating in the region. Reporting regulation must ensure companies operate under the best standards of data protection without imposing burdensome restrictions on their day-to-day operations.

    5.  Developing skills

APAC represents the largest regional skills shortage in the world with 2.6 million fewer workers than required. In comparison the second largest shortage found in Latin America which requires another 600,000 workers. This presents tremendous opportunity to implement specialized cyber security training, both those entering higher education and those retraining or upskilling.

Tags:

Leave a Comment

Related posts