Cyberattacks are costly affair in the Asia-Pacific region, where companies hit by security attacks suffered losses averaging US$763,000 each in 2009, according to a study released Tuesday.
Commissioned by Symantec to highlight the state of enterprise security, the survey revealed that 38 percent of companies polled in the region, including Japan, ranked cyberattacks as their biggest perceived risk, ahead of other risks such as natural disasters, traditional crime and terrorism. This is in line with Symantec's global findings, where 42 percent agreed with their Asian counterparts.
The survey was conducted by Applied Research over the first two weeks of January 2010, and polled CIOs, CISOs and IT management professionals from 2,100 enterprises worldwide, 850 of which were from the Asia-Pacific region.
Some 75 percent of respondents in the region said their systems were hit by cyberattacks in 2009, with New Zealand the most hit at 100 percent, followed by Australia (82 percent), Japan (76 percent) and Hong Kong (75 percent); 66 percent of Singapore companies faced the same plight while Malaysia was the least affected at 50 percent, according to the report.
All of these companies, in the region as well as Singapore, suffered losses as a result of the security attacks, said Umnesh Deshmukh, director, endpoint security sales, Symantec Asia-Pacific & Japan in a phone interview.
Respondents in Singapore commonly cited losses in theft of intellectual property (IP), theft of other corporate data and system downtime, caused by the cyberattacks. This was a deviation from the Asia-Pacific and global findings, which listed theft of customer credit card information, theft of customer personally identifiable information and IP theft, as the top three areas of losses.
These attacks contributed to the monetary losses accrued by the APJ enterprises, while each Singapore company who experienced cyberattacks suffered losses amounting on average to US$495,000, noted Deshmukh. The region's median loss is still lower than the global average of US$2 million though.
Security increasingly difficult to implement
While security is a top priority among companies, such tools are becoming more difficult to implement due to several reasons, according to the report.
One of these is the lack of manpower, Symantec stated.
In Singapore, data loss prevention is the hardest hit due to understaffing among local companies, followed by network security, endpoint security, messaging security, incident response and security systems management, respondents in the country said.
Across the region, IT executives viewed security systems management as the most understaffed, with 45 percent of respondents highlighting this as a challenge. Vulnerability assessment and intrusion detection (44 percent) and network security (41 percent) were ranked the second and third, respectively, most understaffed area.
New IT initiatives are also complicating enterprise security.
Survey respondents pointed to infrastructure-as-a-service, platform-as-a-service, server virtualization, endpoint virtualization and software-as-a-service, as the top areas of concern.
As a result of these new initiatives, compliance has become a big issue among Asia-Pacific companies. According to Symantec, a typical enterprise in the region would have to explore 19 different IT standards or frameworks such as ISO (International Organization for Standardization), HIPAA (Health Insurance Portability and Accountability Act) and SOX (Sarbanes-Oxley), and implement eight of these in its company setup.
"Being able to deal with the sheer number of frameworks is one of the key issues faced by senior IT executives, as companies are not very clear of what security stance they should be adopting," said Deshmukh.
To better mitigate these security challenges, Symantec advised companies to better protect their infrastructure and data, develop and enforce IT policies, and automate compliance processes.
"Protecting information today is more challenging than ever," Francis de Souza, Symantec's senior vice president of enterprise security, said in the report.
"By putting in place a security blueprint that protects their infrastructure and information, enforces IT policies, and manages systems more efficiently, businesses can increase their competitive edge in today's information-driven world," he said.