Businesses in Asia Pacific are feeling the impact of cyberattacks, and in Australia 72% of businesses reported experiencing a cyber incident – much higher than the average of 59% across the APAC region.
That's according to the new‘State of Incident Response: Asia-Pacific’ report from Kroll.
The research finds that data loss is the greatest concern for Australian businesses, with 61% concerned about it, despite the fact business interruption was reported as having the greatest impact (47%), ahead of data loss and reputational damage (both at 39%).
The research also found that companies in Australia are the least likely in APAC to have an incident response plan in place. Incident response plans are a critical aspect of boosting cyber resilience, as it establishes a clear, measurable incident response playbook that sets out specific steps to follow in the event of an attack.
More than half of businesses in Australia are prioritising five key measures to address the cyber security threats. Their top five priorities in order are: buying hardware and software security tools (59%), increased budget and spending (56%), with training, monitoring and moving to the cloud all given the same priority (52%).
“Some of these numbers do not make comfortable reading for corporate Australia," says Alex Nixon, Senior Vice President and the head of Cyber Risk for Australia at Kroll.
"We come third across the region in terms of the most cyber security incidents, and while the majority of organisations are investing more budget and buying more hardware and software security tools, we are lagging in other areas," he says.
"We should all be concerned we’re bottom of the list regionally for incident response planning, something the government is encouraging every major organisation to participate in.
"The report shows cyber risk has never been more important and that business interruption, data loss and reputation damage are the key factors we should all be preparing for.”
According to the report, in response to a cyber incident, 36% of organisations in APAC did not have an incident response playbook, a plan or policies in place, 38% did not have an appointed a data protection officer or access to cyber security specialists on a retainer in APAC.
The two most cited impacts of a cyber incident were data loss (51%) and business interruption (49%), the report found. And in order to address cybersecurity threats, the majority of organisations were planning to increase budgets (64%) and were moving to the cloud (65%).
“Businesses have unsurprisingly focused on continuity and operational stability during the pandemic, but we’d urge more to consider scaling up response plans and investment in cyber expertise to prepare for ‘when’ rather than ‘if’ and incident occurs," says Paul Jackson, Regional Managing Director of Asia-Pacific, Cyber Risk, Kroll.
"Building ‘muscle memory’ in response to cyber incidents will go a long way to reducing the impact of cyberattacks and enable businesses in APAC to recover more quickly. After all, the worst time to plan for an attack, is during one.”