SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
APAC businesses lacking cyber incident response plans
Wed, 2nd Nov 2022
FYI, this story is more than a year old

Businesses in Asia Pacific are feeling the impact of cyberattacks, but many are yet to build appropriate response plans or have regular access to relevant cyber expertise, according to the State of Incident Resonse: Asia Pacific report from Kroll. 

According to the report, in response to a cyber incident, 36% of organisations in Asia Pacific did not have an incident response playbook, a plan or policies in place, 38% did not have an appointed data protection officer or access to cyber security specialists on a retainer in Asia Pacific.

The two most cited impacts of a cyber incident were data loss (51%) and business interruption (49%). In order to address cyber security threats, the majority of organisations were planning to increase budgets (64%) and were moving to the cloud (65%).
The report found that businesses in Australia were the least likely to have an incident response plan in place, and those in Hong Kong were the most likely.

Companies in Malaysia and the Philippines suffered the most incidents, while those in Hong Kong suffered the least.

Data loss was a concern across the board, but those businesses in Indonesia were also more worried than others about the reputational damage of an incident. Singaporean businesses were primarily worried about business interruption.  
“I am glad to see that businesses have focused on continuity and operational stability during the pandemic, but we continue to recommend that companies consider scaling up investment in cyber expertise to prepare for ‘when’ rather than ‘if’ an incident occurs," says Paul Jackson, Regional Managing Director of Asia Pacific, Cyber Risk, Kroll. 

"A combination of having mitigation measures brought about by considered investment in cyber security, together with a trusted cyber security advisor, will go a long way to reducing the impact of cyberattacks and enable businesses in Asia Pacific to recover more quickly. After all, the worst time to plan for an attack is during one.”

The State of Incident Response report sets out how the Asia Pacific (APAC) market has been impacted by vulnerabilities, highlights incident patterns for the region and proposes actionable priorities for the future.

The report was commissioned by Kroll and conducted by Opinium. It surveyed 700 decision-makers in IT, risk, security and legal professionals evenly split across the following Asia Pacific markets: Hong Kong, Singapore, Malaysia, Philippines, Australia, Indonesia and Japan.

According to Kroll, it is worth noting, however, that the regulatory landscape and data protection in APAC is generally less established than in developed markets such as the U.S. and thus this may understate the number of cyber incidents being reported.