- 84% of Asia Pacific business and tech executives reported increases in their cyber budgets as the number of mega breaches experienced by Asia Pacific organisations in the past three years has risen considerably
- Asia Pacific organisations are waking up to the reality of how cyber-attacks can damage reputations, customer confidence and operations, leading to losses of real and potential business opportunities
- According to the survey, cloud-related threats are among the top three cyber concerns for 51% of Asia Pacific organisations over the next 12 months
- Leaders recognise that GenAI has the potential to be immensely impactful in the cybersecurity space by accelerating the pace at which security teams can identify risks and threats
Corporate focus on cybersecurity has deepened over the years in Asia Pacific. In most companies, cybersecurity budgets are set to expand further in 2024, according to PwC's 2024 Digital Trust Insights: Asia Pacific report. This report is the Asia Pacific cut of PwC's flagship Global Digital Trust Insights survey.
The Asia Pacific edition - which canvassed the views of 683 business and tech leaders across Asia Pacific - also found that companies are viewing the rise of Generative AI (GenAI) with a mixture of scepticism and excitement, and many are bulking up investments in cybersecurity to protect against cyberattacks. Organisations in the region are also keenly aware of how cyber-attacks can damage reputations, customer confidence and operations, leading to losses of real and potential business opportunities. The number of mega breaches in Asia Pacific has increased, with 35% of organisations experiencing data breaches costing anywhere from USD1m (USD36.24m)[1] to USD20m (USD724m) over the last three years.
Setting the tone from the top through changes in boardroom agendas
With cybersecurity risks intensifying, 54% of organisations ranked the threat of losses of customer, employee and transaction data as their top concern while 46% of businesses are more concerned about cyber threats' impact on company brand and revenues. The multifaceted nature of organisational-wide cyber threats has meant that this issue is now dominating boardroom agendas, with a massive 95% of firms having brought in board members with deep experience in reporting on cyber risk exposure and mitigation measures. Board meeting minutes devoted to cybersecurity risk have also increased. Board-level scrutiny will likely only increase over time, given the rising momentum for cybersecurity legislations and data protection laws in multiple jurisdictions across Asia Pacific. These are expected to inflate compliance costs - as noted by 42% of respondents - while also placing organisations at greater risk of incurring significant fines.
Growing cloud and GenAI adoption in Asia Pacific
Today, digital transformation is viewed as non-negotiable for organisations striving to remain competitive, resilient and relevant to customers. According to the survey, cloud-related threats are among the top three cyber concerns for 51% of Asia Pacific organisations over the next 12 months. Similar dynamics are occurring with emergent technologies like GenAI. GenAI has the potential to be immensely impactful in the cybersecurity space by accelerating the pace at which security teams can identify risks and threats, thus levelling the playing field against intensifying attacks from bad actors. More than 69% of respondents highlighted that they will use GenAI for cyber defence in the next 12 months and 47% respondents said they are already implementing GenAI for cyber detection and mitigation. Tellingly, 21% of respondents are already seeing benefits to their cyber programmes because of GenAI.
Increasing focus on upskilling to overcome the costs of cyber threats
Organisations are aware of the problems of over-relying on third-parties: 63% of organisations acknowledge the need to rebalance between in-house capabilities and outsourced or managed services. Given the diverse skills needed to combat complex cyber threats, leaders in Asia Pacific are focused on upskilling (70%) and retaining or identifying key talent (51%) as pathways to bringing their tech needs under their control and purview, which could reduce their overall need to hire external vendors. There may also be a need for reskilling as organisations prepare workforces to manage new roles and responsibilities emerging from greater digitalisation, and inevitably, to combat against increased cyber threats.
Mitigation strategies adopted by businesses to address third-party risks
As businesses start to build the resources to take an integrated risk management approach to fortify its cybersecurity architecture and to foster stronger resilience, leaders can begin by focusing on these key strategies:
- Establish shared strategy and objectives throughout the organisation, ensuring these goals cut across subject matter, function and level
- Align related risk subjects across different functions to embed synergy and power better cross-organisation decision-making for better accountability and awareness at all levels
- Establish more board oversight and accountability for cyber risks
- Integrate cyber risks into the organisation's overall risk framework, with the help and support of security leaders on-the-ground
- Develop a comprehensive workforce strategy that prioritises organisation-wide digital upskilling initiatives and talent development, balanced with the use of third-party subject matter experts
- Identify and emphasise investment in tech assets that have the most business and security impact in the long term
Rishi Anand, Consulting Partner at PwC Thailand, commented: "Many organisations in Thailand have increased efforts to improve cybersecurity, but the level of effort varies significantly between industries. Sectors driven by strict regulatory requirements, such as financial services, tend to be more proactive. Despite this proactiveness, however, some companies still focus more on compliance rather than managing overall risks."
When asked how Thai companies are leveraging GenAI for cybersecurity, Anand said, "Thailand's AI adoption is still in the early stages, where most businesses are focusing on business cases such as chatbots, loan services, and waste management, rather than cybersecurity.
"Even within cybersecurity, AI is primarily leveraged to enhance detection and response capabilities, in line with broader trends in the Asia Pacific. Meanwhile, most conversations around AI for cybersecurity focus on products with built-in machine learning capabilities or advanced AI components."
He further emphasised, "As Thailand embraces digitalisation, Thai companies must place a greater emphasis on cybersecurity. It is crucial to protect their businesses from bad actors and maintain trust in an increasingly digital world."
[1] 1USD = THB36.24 (as of 15 July 2024)