'10 years' before Asia's biz security catches up to US

Security readiness of Asian companies held back by low level of awareness and lack of frameworks, but strengthening of laws in region will help it catch up with the west, Chartis exec says.
Written by Ryan Huang, Contributor

SINGAPORE--Asian companies are generally unprepared for cyberattacks compared to their American counterparts due to a lack of awareness from senior management, as well as slower development of regulations in the region pushing the agenda.

Chartis' vice president for Asia-Pacific, Ian Pollard, said: "It will take at least 10 years before Asian companies catch up with the U.S. in terms of cybersecurity readiness, not necessarily because of complacency, but partly due to lower awareness."

Speaking on the sidelines of a media roundtable held here Tuesday, Pollard pointed out that cyberattacks--often in the form of data breaches and network intrusions--can impact business operations. "This can result in lost productivity, legal expenses, third party liabilities, exposed intellectual property, and damage to a firm's reputation," he said at the briefing.

He cited a Unisys Security Index report from 2011 that suggested over three quarters of people would cease working with an organization in the event of a security breach. Chartis also pointed to other industry research which indicated share prices would drop an average of 5 percent in response to market notification that there had been a network security breach.

Asian firms lag, but awareness growing
While Asian firms are still lagging behind in terms of readiness against cyberattacks, progress is expected to accelerate with the development of legislation and penalties governing privacy and security, noted Gigi Cheah, partner at legal firm Norton Rose, who was also at the briefing.

"There is increasing regulation and higher awareness of the need to protect data in Asia, mirroring the strengthening of privacy and security legislation," said Cheah, who is also the company's Asia lead for technology and data privacy.

She noted how penalties imposed for an organization's failure to adequately safeguard data were increasing with proposed changes to the European Union's data protection regulation, including a maximum fine of 2 percent of the offending company's global annual revenue.

"In 2009, there were just a handful of countries with data privacy laws. Fast forward to 2012, more countries have been jumping on the bandwagon, such as Vietnam and China," Cheah pointed out. "Singapore is also set to introduce new regulations with penalties as high as S$1 million (US$1.25 million)".

Pressing need to be prepared for threats
The threat level against businesses is set to pick up with the rapid adoption of mobile computing, social media use and consumerization of IT, noted Eric Lam, Symantec's enterprise director for risk and compliance for Asia-Pacific and Japan, who sat on the roundtable.

Ken Low, director of enterprise security
for Asia-Pacific at Trend Micro, with other panelists

Ken Low, director of enterprise security for Asia-Pacific at Trend Micro, underscored the increasingly pressing need for businesses to be prepared for cyberattacks.

Citing his company's research, he said there were at least 3.5 new threats every second, or 12,600 threats per hour, worldwide. "By 2016, this is expected to grow to around 15,000 threats per hour," added Low, who was also at the briefing and is chairman of the Cloud Security Alliance's Asia-Pacific executive council.

"Businesses are increasingly adopting cloud infrastructure for mission-critical information storage. This trend, coupled with the increasing number of cloud-specific attacks, makes it critical for organizations to look at protecting their corporate and hybrid data.

"It is impossible for a company to thwart every single attack by themselves. They will need to accept a level of loss," Low said, adding that one way to mitigate this is to purchase insurance for cyber liabilities.

Cyber insurance coverage to mitigate business risks
According to Chartis's Pollard, there is increasing need for such insurance coverage in the region. He added that the insurance company's offerings in the Asia-Pacific region include cyber coverage.

One of its insurance products, called CyberEdge, is designed to address the consequences of losing corporate information and personal data from cyberattacks, he said. It covers potential third-party liabilities, as well as related legal and public relations-related expenses. Chartis appointed Norton Rose as its preferred legal firm and partnered public relations agency, Grayling, under this product offering, he added.

Editorial standards