Why security is imperative to digitization and Asia’s economic potential
Managing Director, Security, APJ
Thought Leadership, Digitization, Security
Organizations today face serious challenges when it comes to cybersecurity, with digital disruption occurring at massive scale. Digital disruption now impacts half of companies globally and has become a top-of-mind issue at the board level. However as part of embracing digital transformation, the biggest change that must take place is the shift from security being seen as an IT task to protect assets, to a strategic business process that enables organizations to succeed faster. This shift in mindset is even more imperative in Southeast Asia, a region that’s home to some of the world’s fastest growing economies. According to new research commissioned by Cisco, the digital economy in the Association of Southeast Asian Nations (ASEAN) has the potential to add $1 trillion to GDP over the next 10 years. The research report titled Cybersecurity in ASEAN: An Urgent Call to Action, was conducted by global management consulting firm A.T. Kearney, and emphasises that cybersecurity risk across the region will continue to escalate as countries get more digitally interconnected.
An emerging region prime for attacks
The ASEAN region includes Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand, and Vietnam. With a combined GDP of more than $2.7 trillion, the ASEAN region is the world’s seventh largest market and is swiftly becoming an economic force to reckon with. Nominal GDP is expected to grow at a CAGR of 8.2 percent, exceeding $4 trillion by 2022. With a population of 645 million people—over 100 million more than the European Union (EU)—ASEAN is the third most populous market in the world.
Although ASEAN lags its global peers, the region has the potential to enter the world’s top five digital economies by 2025. The region is strategically positioned to capture trade with other growth powerhouses, both geographically and diplomatically. However its growing strategic relevance and expanding digitalization also make it a prime target for cyberattacks.
According to A.T. Kearney’s research, cybersecurity is a very real danger in ASEAN for a number of reasons:
— ASEAN countries have emerged as launchpads for cyberattacks. For example, Malaysia, Indonesia, and Vietnam are global hotspots for major blocked suspicious Web activities—up to 3.5 times the standard ratio, which indicates these countries are being used to launch malware attacks.
— Policy preparedness is still nascent, with a lack of institutional oversight and low levels of spending to fortify digital economies.
— A nascent local cybersecurity industry faces shortages of homegrown capabilities and expertise. Malaysia, for instance, currently has 6,000 cybersecurity professionals but requires 10,000 by 2020.
— Perception that cyber risk is an IT risk results in the absence of a holistic approach to cyber resilience.
— Multiple vendor relationships and product deployments result in operational complexity, slowing times to detect and respond to attacks.
The research report cautions that underinvestment in tackling cybersecurity threat is aggravating risk across the region, and that ASEAN needs to spend US$171 billion between 2017 and 2025 to be in line with global best-in-class countries.
The region’s response to the cybersecurity challenge also needs to be comprehensive and forward-looking, with A.T. Kearney highlighting the following actions to tackle the core of the problem including: Elevating cybersecurity on the regional policy agenda; Securing a sustained commitment on cybersecurity; Fortifying the ecosystem; and Building the next wave of cybersecurity capability.
In the research report, A.T. Kearney recommends forging public–private partnerships (PPP) and industry alliances, as the sectors can benefit from working together on cybersecurity initiatives.
Singapore, for example, has developed several PPP programs, including the Singtel Cybersecurity Institute, the Cybersecurity Centre of Excellence, and the Cyber Risk Management Project. PPPs have tended to focus on three objectives: workforce development, research and development, and information sharing.
In 2018, Singapore takes over the rotating chairmanship of the Association of Southeast Asian Nations (ASEAN), with Todayonline reporting that Singapore will promote and uphold the regional order to better deal with emerging security challenges, tap into new ways to manage and mine digital technologies, and push ahead with regional economic integration. Singapore also pledged to further strengthen regional integration and connectivity.
Additionally Singapore is leading in cybersecurity governance and policy development, compared to other countries in Southeast Asia. The country has laid out a national cybersecurity strategy and has passed cybercrime laws – making Singapore the most advanced ASEAN country when it comes to cybersecurity policy.
Cybersecurity needs to be an integral part of policy discussions, and Cisco is a trusted security partner to governments worldwide. Through our Security & Trust Organization (STO) we engage with governments to help shape national cybersecurity policy agenda. We’ve signed multiple agreements with world governments to establish a threat intelligence sharing framework where both Cisco and government personnel work cooperatively together to address cybersecurity threats and incidents. Through this process we help to identify and shape emerging security market trends, share best practices, and learn new approaches to enhance cybersecurity. Recently in Singapore, we signed a new global agreement with INTERPOL that will see our two organizations develop a coordinated approach to sharing data on cyber threats. John Stewart, Cisco’s Chief Security & Trust Officer was also the key industry advisor to the Australian Government on its national cybersecurity strategy and our STO continues to grow its footprint in Asia Pacific.
A.T. Kearney’s research states that even with a comprehensive cybersecurity strategy and budget, security leaders are likely to face a shortage of skilled and qualified cybersecurity professionals to implement their cybersecurity agenda. The shortage of skilled cybersecurity talent represents a worldwide challenge, with the US Information Systems Audit and Controls Association (ISACA) citing a global shortage of more than 2 million professionals by 2019.
Security is imperative to digital transformation and to help close the security skills gap, Cisco is preparing IT and cybersecurity professionals for these expanding job roles. We’ve been doing this for 20 years through the Cisco Networking Academy. For 20 years, the academy has touched the lives of over 7.8 million students across 180 countries. In Asia Pacific, the Networking Academy has trained 1.26 million students since inception, and 27% of these students were female. Most of the academy’s courses are free of charge, and in particular the security courses include Introduction to Cybersecurity; Cybersecurity Essentials; and CCNA Security. During the 2017 financial year, 10,000 students in the Asia Pacific Japan region took our cybersecurity courses – and globally we trained 90,000 security students. Cisco is committed to building the pipeline of future cybersecurity professionals in the region, while helping to solve global cybersecurity challenges.
Recognizing the cost of cyberattack
In the research report, Cybersecurity in ASEAN: An Urgent Call to Action, A.T. Kearney explains that assessing the cost of data breaches is challenging because of the lack of transparent reporting. Analysts estimate the fiscal impact of such breaches based on surveys conducted globally and in the ASEAN region. The impact depends on how many records are lost in the breach and what percentage of the customer base has churned after the breach. The average total organizational cost of a data breach in ASEAN in 2016 was $2.36 million, according to Ponemon Institute’s 2017 Cost of Data Breach Study. The largest component of this cost was detection and escalation, which accounted for 41 percent of the total cost while lost business accounted for 30 percent.
The research also forewarns that companies across ASEAN face growing risk of cyberattacks, which could expose the region’s top listed firms to a US$750 billion erosion in current market capitalization.
In addition to the financial impact, the opportunity cost of poor cyber resilience is that it can impact a company’s growth and innovation agenda. In Cisco’s Cybersecurity as a Growth Advantage report, 71 percent of executives say concerns over cybersecurity are impeding innovation in their organizations. Thirty-nine percent say they halted mission-critical initiatives because of cybersecurity issues.
Security is the foundation to digital transformation. And with a rise in the different types of attacks and in the level of sophistication, detecting threats quickly is increasingly important. Cisco measures the window of time between a compromise and the detection of a threat, calling it “time to detection”. From November 2016 to May 2017, we have dramatically reduced our time to detection rates from just over 39 hours to about 3.5 hours on average. In comparison, the average is 184 days to detect a data breach in ASEAN.
Cisco's best-of-breed security offerings and our architectural approach help customers worldwide secure their organizations more effectively from the network to the endpoint to the cloud. Our comprehensive security portfolio is designed to work together to deliver effective network security and incident response, as well as boost IT productivity through automation.
With ASEAN companies facing US$750 billion exposure from cyberattacks, it’s never been more important for private and public organizations to invest in automated tools to help their security teams stay on top of alerts, gain visibility into their dynamic networks, as well as detect and respond swiftly to threats.
For more on the state of cybersecurity in Southeast Asia, download the report now.
Source: Cybersecurity in ASEAN: An Urgent Call to Action; Institute for Management Development; Todayonline; Cisco Networking Academy; Cisco Cybersecurity as a Growth Advantage; Cisco 2017 Midyear Cybersecurity Report