Grant Thornton uses cookies to monitor the performance of this website and improve user experience
To find out more about cookies, what they are and how we use them, please see our privacy notice, which also provides information on how to delete cookies from your hard drive.
They are right to worry. A recent Frost & Sullivan study and Microsoft entitled “Understanding the Cyber Security Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World” collected data from 1,300 business and IT leaders in medium to large organisations. The study revealed that large organisations in Thailand (500 employees or more) each lost an average of $12.7 million in 2017 due to direct, indirect, and induced effects of cyberattacks.
In most cases, direct losses make up a small percentage of the total damage done via cyberattack. Harm to reputation is counted as an indirect cost, as is the resulting loss of customers, as well as opportunity costs from dealing with a security breach. Induced costs include the damage done to the wider economy and industry in which the attack took place.
For the average large Thai organisation included in the study, just $0.7 million was lost through the direct result of attacks. Indirect effects accounted for $6.7 million of the lost money, while induced losses accounted for the remaining $5.3 million. The subtle, sometimes hidden costs of indirect and induced losses often cause businesses to underestimate their exposure to cyberattacks.
Other related statistics have a similarly sobering effect. According to the same study, 62% of companies suffered job losses due to cybersecurity incidents, and nearly ¾ of companies said they had delayed their adoption of digital transformation plans due to fear over cyberattacks. In total, $8.9 billion – or 2.2% of Thailand’s entire GDP – was lost last year due as a result of cyberattacks.
Across the Asia Pacific region, upwards of $1.745 trillion (7% of its total GDP) could potentially be lost due to cyberattacks in the coming years. The most potent methods of attack include online brand impersonation, fraudulent wire transfer, data exfiltration, and data corruption. In such an environment, with botnets, hackers, and ransomware all adapting more vigorously to an increasingly complex digital world, it is no wonder that some companies are hesitant to commit to a greater reliance on computerised networks.
But there is hope. As cyberattacks become more advanced, so do defences. Artificial intelligence itself, if put to proper use, can be enlisted to protect your company’s data systems. In fact, according to the Frost & Sullivan study, 3 out of 4 Asia-Pacific organisations are already either planning to incorporate AI into their cybersecurity, or have already done so. AI can monitor computer use, scan systems, detect anomalies, and shut down irregular access to networks as threats are discovered.
AI, however, is but one link in a long chain of important security measures for the digital age. A year ago we published a report on the risks, and the countermeasures, that companies need to be aware of in the present environment. The recommendations in that report are process-based and universal, and can be summarised through the following guidelines:
These security measures will take some time and effort to implement, but the inconvenience they pose is trivial compared to the potential impact of a targeted cyberattack. Despite experiencing significant losses from security breaches, many organisations have been slow to adopt these types of controls. As we reported a year ago, more than one in three (36%) organisations do not assign a risk profile to their data, making it difficult for their IT staff to know which information to focus most of their attention on protecting. Companies need to raise their awareness of these issues and adopt sensible plans to defend themselves. This isn’t a straightforward activity, or even a finite one, but it is an indispensable part of risk management in the digital era.
