One in four companies globally have suffered a data breach that cost them US$1 - 20 million or more in the past three years

Jakarta, 17 April 2023 - One in four companies (27%) globally have suffered a data breach that cost them US$1- 20 million or more in the past three years, according to PwC’s annual Global Digital Trust Insights Survey, which surveys more than 3,500 senior executives across 65 countries. 

Focusing on Southeast Asia, PwC’s Digital Insights Survey: A Southeast Asia Perspective - which canvassed the views of 122 business, technology and cybersecurity executives across Southeast Asia -  despite cyber attacks potentially continuing to cost businesses millions of dollars, in Southeast Asia, only 17% of businesses have fully mitigated their digitalisation-related cybersecurity risks. This includes, enabling remote and hybrid work (43%); accelerated cloud adoption (43%); increased use of internet of things (34%) and increased digitisation of supply chain (32%).

For executives surveyed, cloud-based pathways (47%) and web-based applications (46%) are expected to pose the biggest cybersecurity risks for Southeast Asia organisations. Cybersecurity of the supply chain is also an important concern, with software supply chain compromise (26%) anticipated to among attacks firms expect to significantly increase in 2023 compared to 2022.

Disclosure of cyber incidents is favoured

Over half of Southeast Asia board members (52%) polled cited that an increasingly critical driver of board involvement in the region is the heightened demand for external reporting for disclosures of cyber incidents and practices (52%). Though most board members are not cybersecurity domain experts, they are expected to understand, govern and mitigate these risks.

Raymond Teo, Cyber Leader, PwC South East Asia Consulting said: “Data breaches are a pervasive threat in today’s digital world. As cyber threats continue to increase in frequency and sophistication, a holistic approach to cybersecurity has become a top priority for C-suites and boards. Companies are strengthening their cyber defences and regulators are applying pressure to improve cyber resilience and build public trust.”

Most organisations are increasing cyber budgets

The majority of businesses in Southeast Asia surveyed said their organisations are continuing to increase their cyber budgets – 78% expect their cybersecurity budgets to increase, as compared to 65% of firms globally who echoed this sentiment. Increasing budgets reflect the fact that cybersecurity tops the agenda for resilience planning. 

Chairil Tarunajaya, PwC Indonesia Risk Consulting Leader, added, “Security and governance are one of the areas that restrict the ability of Indonesian companies to use data for decision making that resulted in 63% of the respondents, the same as in Malaysia and Singapore. With this condition, Indonesian companies are planning to adjust their cyber budget in 2023 by increasing by 5% or less (26% respondents), by 6-10% (21% respondents), and even expanding their budget to 11-14% (18% respondents).”

Concern with cyber extends to the top of organisations. Almost 80% of Southeast Asian board members say their companies’ growing exposure to cyber risks due to increased digitalisation has been the chief influencing factor in their decision to become more personally involved in cyber matters – almost 10% more than in other regions. To fill gaps in their subject knowledge, Southeast Asian leaders are focusing on improved reporting mechanisms (69%) and more internal and external training for board members (53%). 

It’s not hard to see why cyber continues to move up the corporate agenda. The cost of cyber breaches goes much further than direct financial costs, according to execs surveyed. One serious repercussion includes customer mistrust which could potentially lead to reputational and financial damage. However, only 42% surveyed cited that their organisation has fully mitigated the cybersecurity risks associated with increased data volumes in the last 12 months. 

Raymond Teo concluded: “Despite all the progress that organisations have made in improving their cybersecurity programs, our survey shows there is a lot more to do. There are three things that need to be put in place to keep pace with digital transformation and help build public trust: a strategic risk management program, continuity and contingency planning, and clear, consistent external reporting.”