The Kroll State of Incident Response: Asia Pacific reveals that while businesses in Asia-Pacific are feeling the impact of cyberattacks, many have yet to build appropriate response plans or have regular access to relevant cyber expertise.
Source: State of Incident Response, APAC, October 2022, Kroll
Findings
- In response to a cyber incident, 36% of organisations in Asia Pacific did not have an incident response playbook, a plan or policies in place, 38% did not have an appointed data protection officer or access to cyber security specialists on a retainer in Asia Pacific.
- The two most cited impacts of a cyber incident were data loss (51%) and business interruption (49%).
- To address cyber security threats, 64% plan to increase budgets even as 65% are moving to the cloud.
Regional variations include:
- Businesses in Australia were the least likely to have an incident response plan in place, and those in Hong Kong were the most likely.
- Companies in Malaysia and the Philippines suffered the most incidents, while those in Hong Kong suffered the least.
- Data loss was a concern across the board, but those businesses in Indonesia were also more worried than others about the reputational damage of an incident. Singaporean businesses were primarily worried about business interruption.
Paul Jackson, regional managing director of Asia Pacific, Cyber Risk, Kroll, noted the rise in focus on continuity and operational stability during the pandemic. He suggests that companies consider scaling up investment in cyber expertise to prepare for ‘when’ rather than ‘if’ an incident occurs.
“A combination of having mitigation measures brought about by considered investment in cyber security, together with a trusted cyber security advisor, will go a long way to reducing the impact of cyberattacks and enable businesses in Asia-Pacific to recover more quickly. After all, the worst time to plan for an attack is during one.”
Paul Jackson
