The corporate focus on cybersecurity has deepened over the years in Asia Pacific. In most companies, cybersecurity budgets are set to expand further in 2024, according to the "2024 Digital Trust Insights: Asia Pacific" report by PwC.
The Asia Pacific edition -- which sought the views of 683 business and tech leaders across the region -- also found that companies are viewing the rise of Generative AI (GenAI) with a mixture of scepticism and excitement, and many are bulking up investments in cybersecurity to protect against cyber-attacks.
Organisations in the region are also keenly aware of how cyber-attacks can damage reputations, customer confidence and operations, leading to losses of real and potential business opportunities.
The number of major breaches in Asia Pacific has increased, with 35% of organisations experiencing data breaches costing anywhere from $1 million to $20 million over the last three years.
With cybersecurity risks intensifying, 54% of organisations ranked the threat of losses of customer, employee and transaction data as their top concern, while 46% are more concerned about the impact on the company brand and revenues.
The multifaceted nature of organisation-wide cyber threats means that this issue is now dominating boardroom agendas, with 95% of firms having brought in board members with deep experience in reporting on cyber risk exposure and mitigation measures.
Board meeting minutes devoted to cybersecurity risk have also increased. Board-level scrutiny will likely only increase over time, given the rising momentum for cybersecurity legislations and data protection laws in multiple jurisdictions across Asia Pacific. These are expected to inflate compliance costs -- as noted by 42% of respondents -- while also placing organisations at greater risk of incurring significant fines.
DARKENING CLOUD
According to the survey, cloud-related threats are among the top three cyber concerns for 51% of Asia Pacific organisations over the next 12 months.
Similar dynamics are occurring with emergent technologies like GenAI. GenAI has the potential to be immensely impactful by accelerating the pace at which security teams can identify risks and threats, thus levelling the playing field against intensifying attacks from bad actors.
More than 69% of respondents highlighted that they will use GenAI for cyber defence in the next 12 months, and 47% said they are already using GenAI for cyber detection and mitigation. Tellingly, 21% of respondents are already reporting benefits to their cyber programmes because of GenAI.
Organisations are also aware of the problems of over-reliance on third-parties: 63% acknowledge the need to rebalance between in-house capabilities and outsourced or managed services.
Given the diverse skills needed to combat complex cyber threats, leaders in Asia Pacific are focused on upskilling (70%) and retaining or identifying key talent (51%) as pathways to bringing their tech needs under their control and purview, which could reduce their overall need to hire external vendors.
There may also be a need for reskilling as organisations prepare workforces to manage new roles and responsibilities emerging from greater digitisation, and inevitably, to combat increased cyber threats.
MITIGATION STRATEGIES
As businesses start to build the resources to take an integrated risk management approach to fortify cybersecurity architecture and foster stronger resilience, leaders can begin by focusing on these key strategies:
- Establish shared strategy and objectives throughout the organisation, ensuring these goals cut across subject matter, function and level;
- Align related risk subjects across different functions to embed synergy and power better cross-organisation decision-making for better accountability and awareness at all levels;
- Establish more board oversight and accountability for cyber risks;
- Integrate cyber risks into the organisation's overall risk framework, with the help and support of security leaders on the ground;
- Develop a comprehensive workforce strategy that prioritises organisation-wide digital upskilling initiatives and talent development, balanced with the use of third-party subject matter experts;
- Identify and emphasise investment in tech assets that have the most business and security impact in the long term.
"Many organisations in Thailand have increased efforts to improve cybersecurity, but the level of effort varies significantly between industries," said Rishi Anand, consulting partner at PwC Thailand.
"Sectors driven by strict regulatory requirements, such as financial services, tend to be more proactive. However, some companies still focus more on compliance rather than managing overall risks."
When asked how Thai companies are using GenAI for cybersecurity, Mr Anand said: "Thailand's AI adoption is still in the early stages, where most businesses are focusing on business cases such as chatbots, loan services and waste management, rather than cybersecurity.
"Even within cybersecurity, AI is primarily used to enhance detection and response capabilities, in line with broader trends in Asia Pacific. Meanwhile, most conversations around AI for cybersecurity focus on products with built-in machine learning capabilities or advanced AI components.
"As Thailand embraces digitisation, Thai companies must place a greater emphasis on cybersecurity," Mr Anand said. "It is crucial to protect their businesses from bad actors and maintain trust in an increasingly digital world."
To download the full report, visit https://tinyurl.com/3tc2sujs