The State of Incident Response report sets out how the Asia Pacific (APAC) market has been impacted by vulnerabilities, highlights incident patterns for the region and proposes actionable priorities for the future.
Our research finds that businesses in APAC are feeling the impact of cyberattacks, but many are yet to build out appropriate response plans or have regular access to relevant cyber expertise.
Over half of all organizations interviewed in APAC (59%) have experienced a cyber incident, of which a third (32%) have suffered multiple incidents. This compares to 93% of organizations which had suffered a compromise of data in the U.S. during a 12-month period, according to a previous survey commissioned by Kroll.
It is worth noting, however, that the regulatory landscape and data protection in APAC is generally less established than in developed markets such as the U.S. and thus this may understate the number of cyber incidents being reported.
Despite the volume of cyber incidents, more than a third (36%) of organizations do not have a response plan if an incident were to occur, which leaves companies at the risk of being unable to handle an incident effectively and of being vulnerable to further attacks.
Regional Breakdown of Businesses that Have Experienced a Cyber Incident
There is some measure of relevant representation of cyber expertise at senior levels across the companies surveyed, with 62% companies reported appointing a data protection officer and a similar percentage had cyber security specialists on a retainer. This, however, still leaves more than a third of companies in APAC (38%) without cyber security specialists to call in the event of an incident.
The need for security expertise at senior levels within an organization is increasingly being recognized, with many chief information security officers (CISOs) now presenting cyber agenda directly to the board.
Recently, the Securities and Exchange Commission (SEC) in the U.S. proposed mandatory cyber representation on boards subject to their regulation. While the regulatory landscape in APAC may be less developed than the U.S., organizations would definitely benefit from having access to this expertise, whether it is in-house, on retainer.
Common Causes: The most cited cause of a cyber incident across APAC was malware, which includes ransomware, spyware, viruses, etc. The top three causes, which include phishing and password attacks, account for over half of all incidents reported.
Cause of Reported Cyber Incidents
Cyber Security Concerns Are Aligned With the Impact of Actual Incidents
Data loss (51%) and business interruption (49%) were the two most cited impacts of a cyber incident and, predictably, they are also the top cause of businesses’ concern, with data loss being the primary worry (70%), followed by business interruption (58%). Out of the types of impact reported from cyber incidents, these were arguably the most operational in nature.
There are signs, however, that organizations are starting to understand the longer-term consequences of cyber incidents. Reputational damage, for example, is cited as a less common impact of an incident (31%), but half of the leaders who were surveyed (50%) are concerned about it.
To minimize the threat of a cyber incident, organizations are not only taking advantage of hardware and software security tools (70%) and monitoring the endpoints, network, systems and applications (69%) but also conducting regular training (67%) for the business to stay aware of potential threats.
In addition, nearly two-thirds (64%) of organizations interviewed are increasing their budgets or spending to address cyber security threats. Overall, more than half of the companies in this region are willing to invest resources to prevent operational disruption from cyber incidents.
Measures Implemented to Address Cyber Security Threats
Cyber security professionals in multinational organizations said that they expect to prioritize incident management in the coming two years, with a growth in investment priority increasing from 26% to 39%. By comparison, the largest growth area for Pan-Asian companies is mobile working policy, increasing from 20% two years ago to 34% in two years’ time.
As this survey was conducted in March and April 2022, during a period when many Asian countries were still experiencing strict COVID-19 measures. The difference in investment focus could perhaps indicate a broader trend where Pan-Asian companies are still recovering from the operational impact of the pandemic, such as a material shift to remote working. Conversely, multinational organizations were possibly more able to adapt to a new paradigm in working conditions—and the security requirements needed to support it—and thus could prioritize incident response management.
There has been a shift in attitude in recent years relating to incident response as observed. More than ever before, organizations with a more developed perspective on cyber risk are preparing for when an attack might happen, rather than whether it might happen. This could be the reason for an increasing interest in incident response retainers and managed detection and response (MDR). MDR adds another level of assurance by having experts monitor your entire fleet of computers and respond to any incident on a 24x7 basis.
Pan-Asian companies may still be getting to grips with a distributed infrastructure brought about by working conditions imposed by the pandemic, but there is a clear appetite to be better prepared.
How Prioritizing Incident Management is Changing Over Time, by Business Type
How Prioritizing a Mobile Working Policy is Changing Over Time, by Business Type
Companies around the world have been moving to the cloud for some time now. The ability to manage a more effective remote workforce thanks to the collaboration advantages, while reducing costs—for example, around storage—has become an attractive proposition for many. The proportion of those transitioning to a cloud environment is fairly consistent, two years ago (41%), compared to now (44%) and what is projected for two years’ time (40%).
There are also security benefits of moving to the cloud, from access control to data visibility. It’s worth noting, however, that although 65% of survey respondents had moved to the cloud to address cyber security threats, achieving security in the cloud is often not that simple.
Transitioning to a cloud environment does not come without complexity; many organizations require specialist skills to migrate to a cloud environment effectively and securely.
Failing to do this can have quite the opposite effect, whereby gaps can be introduced due to a poor deployment. In an incident response scenario, a cloud environment can also become obfuscating as companies struggle to gain access to their cloud logs that could provide insight into how and what has been targeted in a cyber incident.
To overcome this, organizations should look to experts to guide, test and assess their cloud environments for gaps in security controls. They should also have detailed incident response plans, which are regularly simulated, to build confidence that the cloud infrastructure enables response rather than hinders it.
Across the board, countries and cities across APAC could be more resilient to cyberattacks if they had more robust incident response plans in place and had more readily available access to experts. This would help them address immediate cyber requirements, such as a breach incident, as well as consider cyber security for transitions over a longer-term basis, such as moving to a cloud-based infrastructure.
As we analyze each market, however, there are some similarities and differences that should be recognized.
For specific findings and detailed overviews of the threat landscape for seven markets surveyed, please refer to the charts below.
Adopting a proactive approach to cyber security can seem daunting, however, a pragmatic and structured roadmap with clearly defined steps can not only enhance security but also deliver peace of mind. Please refer to Kroll’s 10 Essential Cyber Security Controls, which includes:
Global business continues to feel the impact of an onslaught of cyberattacks, and APAC is no exception, with 59% of organizations reporting an attack and 32% reporting multiple attacks. There is a further risk that this number will increase as the regulatory landscape continues to evolve and more incidents are reported.
Incident response plans, policies and recovery plans are invaluable when it comes to surviving a cyberattack, as is having access to experienced personnel. Currently, only two-thirds (64%) of organizations surveyed have plans in place, and a fraction less than that have access to cyber security specialists (62%), leaving around a third of businesses without sufficient plans or expertise to navigate an attack.
Businesses have unsurprisingly focused on continuity and operational stability during the pandemic, but Kroll now urges businesses in these regions to consider scaling up response plans and investment in cyber expertise. It will enable them to remain resilient and recover quickly if an attack does occur, paying dividends in the long run.
Incident response, digital forensics, breach notification, security strategy, managed security services, discovery solutions, security transformation.
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Kroll’s field-proven incident response tabletop exercise scenarios are customized to test all aspects of your response plan and mature your program.
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.
Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.
Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year and have the resources and expertise to support the entire incident lifecycle, including litigation demands. Gain peace of mind in a crisis.
