Cyber-risk may shave off $750bn in Asean
Asean is at growing risk of cyber-attacks, which could expose the region's top-listed firms to a US$750 billion (23.9 trillion baht) erosion in current market capitalisation, according to research conducted by global management consulting firm A.T. Kearney, commissioned by Cisco.
Gareth Pereira, A.T. Kearney principal of media and technology practice, said the growing strategic relevance of Asean, driven by economic expansion and ongoing digital adoption, make it a prime target for cyber-attacks.
Cyber-risk is perceived to be an IT rather than a business problem, but regional businesses do not have a comprehensive approach to cybersecurity.
"The region's nascent cybersecurity industry faces a shortage of home-grown capabilities and expertise, fragmented products and solutions and few comprehensive solution providers. Multiple vendor relationships and product deployments are creating operational complexity and increasing vulnerability in some cases," he said.
A combination of new policy preparedness, an absence of a unifying regional governance framework, a shortage of skilled talent, the underestimation of risk and a lack of adequate investment are among the factors that contribute to the heightened risk, said Mr Pereira.
The report emphasises that cybersecurity risk across the bloc will continue to escalate as it becomes more digitally interconnected. Diverging national priorities across Asean countries and varying paces of digital evolution will foster a pattern of sustained underinvestment.
Asean's cybersecurity spending was estimated to be $1.9 billion in 2017, representing 0.06% of the region's GDP. Asean's spending on cybersecurity is forecasted to grow at a 15% compound annual growth rate from 2015 to 2025. The top three economies -- Singapore, Malaysia, and Indonesia -- are likely to drive a significant portion of this growth, accounting for 75% of the market by 2025. Indonesia, the Philippines, Vietnam, and Malaysia are expected to see the highest growth as they address gaps in infrastructure and as the managed service landscape evolves.
Asean countries are underspending on cybersecurity, said Mr Pereira. The region spends an average of 0.07% of its collective GDP on cybersecurity annually. It would need to increase spending to 0.35-0.61% of GDP between 2017 and 2025, to be in line with the best in class benchmark (based on spending levels as a percentage of GDP for Israel).
This translates to $171 billion in collective spend needed across Asean countries during the period, while Thailand's cybersecurity spending is estimated at $23.3 billion, close to Malaysia's $23 billion and the Philippines' $22.8 billion. Limited sharing of threat intelligence, often because of mistrust and a lack of transparency, will lead to even more porous cyberdefence mechanisms.
"The digital economy in Asean has the potential to add $1 trillion to GDP over the next 10 years," he said.
But cyber-risks could impede trust and resilience in the digital economy and prevent the region from realising its full digital potential. Asean countries have already been used as launch pads for attacks, either as vulnerable hotbeds of unsecured infrastructure or as well-connected hubs to initiate attacks, said Mr Pereira.
Cyber resilience is generally low and countries have varying levels of cyber-readiness. There is a lack of strategic mindset, policy preparedness and institutional oversight relating to cybersecurity, he said.
Vatsun Thirapatarapong, managing director of Cisco in Thailand and Indochina, said the cybersecurity threat will persist, so countries need to build the next wave of cybersecurity capabilities.