A recent Frost & Sullivan study commissioned by Microsoft has revealed that the potential economic loss across the Asia-Pacific region because of cyber security incidents could reach an astonishing US$1.745 trillion.
Key findings of the study
“Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” surveyed 1,300 respondents from 13 countries – Australia, China, Hong Kong, Indonesia, India, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan and Thailand.
The study revealed that a large-sized organisation in the Asia-Pacific region “can possibly incur an economic loss of US$30 million, more than 300 times higher than the average economic loss for a mid-sized organization (US$96,000)”.
To calculate the economic impact of cyber attacks in the Asia-Pacific region, Frost & Sullivan identified three types of losses that could occur following a cyber attack:
- Direct: Financial losses associated with a cyber attack, e.g. costly penalties because of non-compliance with data protection requirements.
- Indirect: Opportunity cost because of reputational damage.
- Induced: Impact to the broader ecosystem and economy.
Vice President and Asia Pacific Head of Enterprise for Frost & Sullivan, Edison Yu, said, “Although the direct losses from cybersecurity breaches are most visible, they are but just the tip of the iceberg.
“There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organizations suffering from cybersecurity attacks can be often underestimated.”
The study also found that cyber attacks have resulted in “job losses across different functions in almost seven in ten (67%) organizations that have experienced an incident over the last 12 months”.
People, processes and technology
Microsoft highlighted that “for a cybersecurity practice to be successful, organizations need to consider People, Process and Technology, and how each of these contributes to the overall security posture of the organization”.
An ISMS (information security management system) encompasses these elements and, by implementing an ISMS that is certified to the international standard, ISO 27001, your organisation will better manage, monitor, audit and improve your information security.
An ISO 27001-compliant ISMS helps organisations to:
- Avoid penalties and financial losses;
- Protect and enhance their reputation;
- Meet increasing client demands for greater data security;
- Get independently audited proof that their data is secure; and
- Meet local and global security laws, such as the EU GDPR (General Data Protection Regulation).
If you’re looking to implement an ISO 27001 ISMS and don’t know where to start, download our free green paper for a quick introduction.
“Implementing an ISMS – The nine-step approach” explains IT Governance’s tried-and-tested, nine-step approach to implementing an ISO 27001-compliant ISMS that will save you time and money.