Cybersecurity: Are you taking information security seriously?

Southeast Asia is one of the world’s most economically dynamic regions, but there is a large and potentially disastrous flaw in the business model of many companies in the region. In 2017, ASEAN member states collectively spent US$1.9 billion or 0.06 percent of their gross domestic product (GDP) on cybersecurity, less than half of the global average of 0.13 percent.

As technology develops at light speed and hackers get more sophisticated and unpredictable, this lack of preparedness for cyberattacks may cost organizations in ASEAN dear. The risks include cyberattacks leading to business interruptions that organizations – in particular traditional brick-and-mortar businesses and small and medium-sized enterprises (SMEs) – may find crippling.

The Cyber Risk Management project led by Singapore’s Nanyang Technological University (NTU-IRFRC) in collaboration with industry partners and academic experts earlier this year studied a hypothetical email ransomware attack across the world and forecast that Asia could lose US$19 billion. Apart from ransom payments, other costs would include cyber-incident response, damage control and mitigation, business interruption, lost revenue, and reduced productivity.

ASEAN’s developing cybersecurity industry needs to grow at the same pace, if not quicker than technology advancements in order to minimize the risk of cyber incidents disrupting the region’s economic growth. A concerted effort across government and regulators, business leaders and the insurance industry will be required to strengthen cyber resilience.

The region’s pillars of support

Singapore has taken the lead for the region, investing US$30 million to fund the ASEAN-Singapore Cybersecurity Centre of Excellence aimed at deepening the region’s cyber capabilities and enhancing its ability to respond to emerging global cyber threats. As an extension of the Centre, it is also critical for governments to make cybersecurity and risk management tools easily and efficiently accessible to businesses, especially SMEs that generally have less capital to invest in areas such as information security.

Charting the direction for businesses

High-level executives are increasingly aware of cyber risks and threats, with roles such as Data Privacy Officer and Chief Information Security Officer becoming more widespread within organizations. Staying abreast of technological advancements and digital disruption in order to understand and even predict new risks associated with these developments will improve the accuracy of organizations’ risk exposure models, which in turn will help insurers design more innovative cyber insurance products and services.

Employees, handling data, remain one of the top causes of data breaches, both malicious and negligent. Business leaders need to drive a culture of cybersecurity across the organization and prioritize and incorporate training to educate employees on information security, the potential risks and repercussions.

Tailoring the right coverage

Insurance leaders have an important role to play in helping to educate business stakeholders beyond IT departments on cyber-risks ranging from malicious attacks to human error. At the same time, compliance experts can advise businesses on the associated financial and reputational impact and risk-transfer solutions available to support them in the event of an incident.

The Data protection regulators across the region including the National Privacy Commission of the Philippines remind companies again and again to improve Data Privacy Protection. Organisations such as the EITSC and Straits Interactive Pte Ltd offer technical solutions to achieve this.

If assistance is required, you may email Mr Henry J. Schumacher at schumacher@eitsc.com

Training available

There are training courses available for DPO to integrate the cybersecurity to the overall data protection programme, from EXIN to ISO certification. Please click to explore.

 
Information and Cybersecurity for Managers - EXIN Certification

ISO/IEC 27001 Lead Implementer (Information Security Management System) - Self-paced learning.

By: Henry J. Schumacher

If assistance is needed, do email Henry J. Schumacher at schumacher@eitsc.com

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEXNetwork.