Cyberattack is one of the top five risks for businesses operating in Asia Pacific, due to rapidly growing connectivity and low cybersecurity awareness, according to the Asia Pacific Risk Center (APRC)'s Cyber Risk in Asia-Pacific report. It found that the region has increasing volumes of cross-border data transfers coupled with weak regulations, providing opportunities for cyber criminals. Transparency in the region is also a problem and there is not enough visibility of the risk of online payment fraud or data breaches.

The report noted: “Detailed and clear data breach notification laws, supported by enforcement, and a culture of compliance within organisations are critical to improving transparency and improved risk mitigation.”

It also found that many companies in Asia-Pacific lack the necessary structure, processes or culture for addressing cyber risk throughout the organisation, through a comprehensive risk management framework.

80% higher chance of attack on Asian organisations

Some of the findings of the APRC's report include the following statistics:

• cyber criminals are 80 per cent more likely to attack organisations in Asia;
• cyber risk is ranked sixth among the global top risks but it's ranked as the fifth in Asia;
• $81 billion was lost in business revenues through cyberattacks in Asia in 2015;
• Asian companies take 1.7 times longer than the global median to discover a breach;
• 78 per cent of Internet users in Asia have not received any education on cybersecurity;
• Asian firms spent 47 per cent less on data security than North American firms.

Three cyber risk challenges for Asian companies

While the report acknowledges that no company can completely eliminate cyber risk, it sets out three practical challenges for companies in establishing an enterprise-wide comprehensive risk framework that goes beyond the IT department.

1: Modelling framework and development

Companies need to design their risk framework to get a meaningful outcome and develop scenarios that consider the risks from various angles including the following: foregone revenue, liability losses, reputational damage, impacts to customers and processes, as well as regulatory requirements such as regulatory fines and compensation for customers.

2: Data availability and reliability

This is a significant challenge, particularly in Asia-Pacific, where the lack of transparency surrounding cyberattacks makes it difficult to gather reliable data. Nonetheless, companies need to quantify and model their cyber risks on relevant internal and external data – and one of the challenges that companies face is making the right assumptions in their models.

3: Decision-making: lack of transparency and incomplete information

As a result of incomplete or unreliable data sources, companies face the challenge of accurately pricing their risk exposure and they consequently struggle to make strategically sound, risk-adjusted decisions. The report notes that this is further reason for governments to promote transparency around cyber security.