1 in 3 APAC firms lacks cyber incident response plan, expertise 

Businesses in seven Asia-Pacific markets are feeling the impact of cyberattacks, but many are yet to build appropriate response plans or have regular access to relevant cyber expertise, according to Kroll.

The global risk and financial advisory solutions provider’s “State of Incident Response: Asia Pacific” report finds that in response to a cyber incident, 36% of organisations in the region did not have an incident response playbook, a plan or policies in place.

The report was commissioned by Kroll and conducted by Opinium, which surveyed 700 decision-makers in IT, risk, security and legal professionals evenly split across Hong Kong, Singapore, Malaysia, Philippines, Australia, Indonesia and Japan.

Findings also show that 38% did not have an appointed data protection officer or access to cyber security specialists on a retainer in APAC.

The two most cited impacts of a cyber incident were data loss (51%) and business interruption (49%).

In order to address cyber security threats, the majority of organisations were planning to increase budgets (64%) and were moving to the cloud (65%). 

Businesses in Australia were the least likely to have an incident response plan in place, and those in Hong Kong were the most likely.

Companies in Malaysia and the Philippines suffered the most incidents, while those in Hong Kong suffered the least.

Data loss was a concern across the board, but those businesses in Indonesia were also more worried than others about the reputational damage of an incident. Singaporean businesses were primarily worried about business interruption. 

“I am glad to see that businesses have focused on continuity and operational stability during the pandemic, but we continue to recommend that companies consider scaling up investment in cyber expertise to prepare for ‘when’ rather than ‘if’ an incident occurs,” said Paul Jackson, Kroll regional managing director of Asia Pacific, Cyber Risk.

Jackson said a combination of having mitigation measures brought about by considered investment in cyber security, together with a trusted cyber security advisor, will go a long way to reducing the impact of cyberattacks and enable businesses in APAC to recover more quickly. 

“After all, the worst time to plan for an attack is during one,” he added.