Protecting corporate and personal data has become a necessity for modern businesses in Southeast Asia (SEA), especially for the past two years. Unfortunately, with new threats emerging during the pandemic and the extended period of remote work it introduced, businesses have to tackle both internal financial risks and external cyber threats.
According to Kaspersky in its ‘IT Security Economics 2021: Managing the trend of growing IT complexity’, the findings showed that despite new threats, the costs of data breaches didn’t grow excessively in 2021 worldwide.
A total of 4,303 interviews from businesses with more than 50 employees were conducted across 31 countries in May-June 2021. Respondents were asked about the state of IT security within their organisations, the types of threats they face and the costs they have to deal with when recovering from attacks.
Throughout the report, businesses are referred to as either SMEs (small and medium sized businesses with 50 to 999 employees), or enterprises (businesses with over 1,000 employees).
Kaspersky, in this research, discovered only a small 4% increase in the financial impact of data breaches for SMEs (US$105,000 in 2021, compared to US$101,000 in 2020), and a notable 15% decrease for enterprises which fell to US$927,000 from US$1.09 million in 2020, below the previous lowest figure from 2017 (US$992,000).
In Southeast Asia, the average cost of a data breach against an enterprise increased slightly at US$716,000 this year from US$710,000 in 2020. There is, however, a huge drop when it comes to the financial impact against SMEs. From US$92,000 two years ago, it is only at US$74,000 in 2021.
“The significant drop in the cost of data breaches against SMEs here is due to the fact that some of these businesses had to close shops during the height of this health emergency. It took a while before they are able to re-open and start their recovery. The financial impact of data breaches against enterprises has not skyrocketed as we continuously see improvements on businesses’ detection capabilities,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
“During our customer interactions and also due to the increased media coverages about cyberattacks, more companies are now aware of the price they may pay if they let their guards down. However, once an attack was exposed to the press, the aftermath significantly increases. Reputational impact comes into play and this proves to be more damaging than the upfront monetary aftermath.”
The average breakdown of the additional cost of a data breach against an enterprise in the region showed that the bulk of the money goes to improving software & infrastructure (US$98,000), extra PR to repair brand damage (US$93,000), training existing staff (US$90,000), employing external professionals (US$88,000) and damage to credit rating or insurance premiums (US$84,000).
Meanwhile, another research from Kaspersky – “Mapping a secure path for the future of digital payments in APAC” – found that almost half (42%) of users in Southeast Asia will not purchase from an e-commerce provider or any seller which was subjected to a data breach or any form of cyberattack.
A company’s history with data leaks also plays a role when users are choosing their mobile wallet. Almost two in five noted that they will opt for a digital payment provider that was not involved in any kind of data breaches or attacks before.