Kroll has today published its report State of Incident Response: Asia-Pacific. The report finds that businesses in APAC are feeling the impact of cyberattacks and in Australia 72% of businesses reported experiencing a cyber incident – much higher than the average of 59% across the APAC region.
Key Australia findings:
The research finds that data loss is the greatest concern for Australian businesses, with 61% concerned about it, despite the fact business interruption was reported as having the greatest impact (47%), ahead of data loss and reputational damage (both at 39%).
The research also found that companies in Australia are the least likely in APAC to have an incident response plan in place. Incident response plans are a critical aspect of boosting cyber resilience, as it establishes a clear, measurable incident response playbook that sets out specific steps to follow in the event of an attack.
Over half of businesses in Australia are prioritising five key measures to address the cyber security threats. Their top five priorities in order are: buying hardware and software security tools (59%), increased budget and spending (56%), with training, monitoring and moving to the cloud all given the same priority (52%).
Alex Nixon, Senior Vice President and the head of Cyber Risk for Australia at Kroll said: “Some of these numbers do not make comfortable reading for corporate Australia. We come third across the region in terms of the most cyber security incidents, and while the majority of organisations are investing more budget and buying more hardware and software security tools, we are lagging in other areas. We should all be concerned we’re bottom of the list regionally for incident response planning, something the government is encouraging every major organisation to participate in. The report shows cyber risk has never been more important and that business interruption, data loss and reputation damage are the key factors we should all be preparing for.”
Overall findings of the report:
- In response to a cyber incident, 36% of organisations in APAC did not have an incident response playbook, a plan or policies in place, 38% did not have an appointed a data protection officer or access to cyber security specialists on a retainer in APA
- The two most cited impacts of a cyber incident were data loss (51%) and business interruption (49%).
- In order to address cybersecurity threats, the majority of organisations were planning to increase budgets (64%) and were moving to the cloud (65%).
Paul Jackson, Regional Managing Director of Asia-Pacific, Cyber Risk, Kroll said: “Businesses have unsurprisingly focused on continuity and operational stability during the pandemic, but we’d urge more to consider scaling up response plans and investment in cyber expertise to prepare for ‘when’ rather than ‘if’ and incident occurs. Building ‘muscle memory’ in response to cyber incidents will go a long way to reducing the impact of cyberattacks and enable businesses in APAC to recover more quickly. After all, the worst time to plan for an attack, is during one.”
Local market variations include:
- Malaysia and the Philippines suffered the most incidents, while Hong Kong suffered the least.
- Data loss was a concern across the board, but those in Indonesia were also more worried than others about the reputational damage of an incident. Singaporean businesses were primarily worried about business interruption.
The report was commissioned by Kroll and conducted by Opinium. It surveyed 700 decision makers in IT, risk, security and legal professionals evenly split across the following APAC markets: Hong Kong, Singapore, Malaysia, Philippines, Australia, Indonesia and Japan.
You can read the full report here
