Cyber risks could cost ASEAN firms US$750 billion--study

The digital economy in ASEAN could potentially add US$1 trillion to GDP over the next ten years-but this success could be thwarted by cyber risks that cost it at least $750 billion in market capitalisation, if the region does not take action on cybersecurity, says a new report from management consultants A.T. Kearney.

Region a prime target

ASEAN’s growing strategic relevance has made it a prime target for cyber attacks, and ASEAN countries have already been used as launchpads for attacks, either as hotbeds of unsecured infrastructure, or as well-connected hubs to initiate attacks. Cyber resilience is generally low and countries have varying levels of cyber-readiness.

Specifically, there is a lack of a strategic mindset, policy preparedness, and institutional oversight relating to cybersecurity. The absence of a unifying framework makes regional efforts largely voluntary, leads to an underestimation of value-at-risk, and results in significant underinvestment, said the report.

Other issues hampering a comprehensive approach to cybersecurity include the perception of cyber risk as an IT rather than a business problem, shortages of home-grown capabilities and comprehensive solutions and multiple vendor relationships creating operational complexity.

Situation will escalate over time

According to the report, the increase in trade, capital flows, and cyber linkages across ASEAN countries mean that the cyber threat landscape will generate even greater complexity in the future, further escalating the region’s cybersecurity challenges.

• Growing interconnectedness will intensify the systemic risk, making the region only as strong as its weakest link.
• Diverging national priorities and varying paces of digital evolution will foster a pattern of sustained underinvestment.
• Limited sharing of threat intelligence, often because of mistrust and a lack of transparency, will lead to even more porous cyber defense mechanisms.
• Rapid technological evolution makes threat monitoring and response more difficult, especially with the rise of encryption, multi-cloud operations, the proliferation of the Internet of Things (IoT), and the convergence of operation technology (OT) and IT.

Due to these factors, the top 1,000 ASEAN companies could lose $750 billion in market capitalisation, and cybersecurity concerns could derail the region’s digital innovation agenda—a central pillar for its success in the digital economy.

Urgent action required:

The report called for a comprehensive response involving a range of stakeholders to deal with the scale of the threat, with an active defense mindset is required to work together to defend and leverage collective ASEAN resources:

• Elevate cybersecurity on the regional policy agenda and harmonise cyber resilience across the region
• Secure a sustained commitment to cybersecurity (up to $170 billion in additional investment might be required)
• Fortify the ecosystem by mandating that businesses adopt a risk-centric and layered defense approach to cyber risk
• Build the next wave of cybersecurity capability in talent and innovative technologies