Cyber incident impact sits at over $500,000 for half of small to medium APAC businesses

51% of Asia Pacific small to medium-sized businesses that were hit with a cyber incident in the past year saw the cost of that incident exceed $500,000, according to a survey conducted by Cisco.

Sampling 3,750 businesses employing between 10 and 999 employees in 14 countries around the region, Cisco said 83% reported an incident in excess of $100,000, and 13% had an incident cost more than $1 million. The survey was conducted between April and July.

In Australia, where 306 qualifying businesses responded, the numbers were more stark, with 64% reporting an incident costing over $500,000, and 33% saying they were hit more than $1 million in cost.

For businesses that ran simulation exercises, Cisco said 85% of respondents found issues in their defences.

"Of those that identified weaknesses, 95% said the exercises revealed issues with not having the right technology solutions in place to detect a cyber attack or threat. The same number found they had too many technologies and struggled to integrate them together, while 96% discovered they did not have the right technology solutions to block an attack," the company said.

The main vector that attacked the sampled businesses was malware, which was used 85% of the time and led to 75% of attacks getting customer information, 62% finding internal emails, and 61% of attacks hitting employee data, intellectual property, or financial data.

In its 2020-21 annual report released earlier this week, the Australian Signals Directorate (ASD) said it has seen a 15% increase in ransomware attacks over the past year.

"ASD responded to more than 1,630 cybersecurity incidents during 2020–21. Compared to the previous financial year, the total number of cybersecurity incidents in the 2020-21 financial year decreased by 28%," it said.

"A higher proportion of cybersecurity incidents this financial year were categorised by the ACSC as 'substantial' in impact. This change is due in part to an increase in attacks by cybercriminals on larger organisations and the impact of these attacks on the victims. The attacks included data theft, extortion, and/or rendering services offline."

Thanks to the pandemic, ASD said it has shifted more of its workforce to flexible and home-based work and taken down 7,700 sites that were hosting "cybercrime activity" related to COVID-19.

Related Coverage

• Ransomware attackers targeted this company. Then defenders discovered something curious
• McAfee/FireEye merger completed, CEO says automation only way forward for cybersecurity
• Amazon, Google, Microsoft and other tech giants establish Trusted Cloud Principles
• Cisco sets hybrid work plan with no mandates for time in office