Cloud-related threats are among the top three cyber concerns for 51% of Asia Pacific organisations over the next 12 months, according to PwC’s Digital Trust Insights Asia Pacific 2024

Jakarta, 8 August 2024 – Corporate focus on cybersecurity has deepened over the years in Asia Pacific. In most companies, cybersecurity budgets are set to expand further in 2024, according to PwC’s 2024 Digital Trust Insights: Asia Pacific report. This report is the Asia Pacific cut of PwC’s flagship Global Digital Trust Insights survey.

The Asia Pacific edition - which canvassed the views of 683 business and tech leaders across Asia Pacific - also found that companies are viewing the rise of Generative AI with a mixture of scepticism and excitement, and many are bulking up investments in cybersecurity to protect against cyber-attacks. Organisations in the region are also keenly aware of how cyber-attacks can damage reputations, customer confidence and operations, leading to losses of real and potential business opportunities. The number of mega breaches in Asia Pacific has increased, with 35% of organisations experiencing data breaches costing anywhere from US$1 million to US$20 million over the last three years.

Subianto, PwC Indonesia Chief Digital & Technology, said, “As the data breach continues to rise and become more costly, organisations need to pay more attention to the cyber resilience and integrate the cyber initiatives into their resilience strategies and initiatives. It is imperative to test the incident responses that are being put in place ensuring they are operating effectively as well as back-ups for the information that are considered important.”

Setting the tone from the top through changes in boardroom agendas

With cybersecurity risks intensifying, 54% of organisations ranked the threat of losses of customer, employee and transaction data as their top concern while 46% of businesses are more concerned about cyber threats’ impact on company brand and revenues. The multifaceted nature of organisational-wide cyber threats has meant that this issue is now dominating boardroom agendas, with a massive 95% of firms having brought in board members with deep experience in reporting on cyber risk exposure and mitigation measures. Board meeting minutes devoted to cybersecurity risk have also increased. Board level scrutiny will likely only increase over time, given the rising momentum for cybersecurity legislations and data protection laws in multiple jurisdictions across Asia Pacific. These are expected to inflate compliance costs – as noted by 42% of respondents – while also placing organisations at greater risk of incurring significant fines.

Growing cloud and GenAI adoption in Asia Pacific

Today, digital transformation is viewed as non-negotiable for organisations striving to remain competitive, resilient and relevant to customers. According to the survey, cloud-related threats are among the top three cyber concerns for 51% of Asia Pacific organisations over the next 12 months.

Martijn Peeters, PwC Consulting Indonesia President Director, said, “Growth in public cloud adoption is faster in the Asia Pacific (APAC) Region compared to North America and Europe, with the six key APAC markets – Australia, India, Singapore, Japan, Indonesia and South Korea – growing at 25%. As businesses shift their applications over to the public cloud to improve productivity and explore new revenue streams, there is great potential for further growth in the coming years.”

Martijn added, "In fact for organisations who have already considered themselves cloud-powered, they are expecting to see continual revenue growth of >15% and are 4x less likely to face barriers in achieving their objectives like improving cyber posture or agility. Cloud service providers today also offer a suite of security best practices and services that can be adopted readily when organisations move to cloud."

Similar dynamics are occurring with emergent technologies like Generative AI (GenAI). GenAI has the potential to be immensely impactful in the cybersecurity space by accelerating the pace at which security teams can identify risks and threats, thus levelling the playing field against intensifying attacks from bad actors. More than 69% of respondents highlighted that they will use GenAI for cyberdefence in the next 12 months and 47% respondents said they are already implementing GenAI for cyber detection and mitigation. Tellingly, 21% of respondents are already seeing benefits to theircyber programmes because of GenAI.

Increasing focus on upskilling to overcome the costs of cyber threats

Organisations are aware of the problems of over-relying on third-parties: 63% of organisations acknowledge the need to rebalance between in-house capabilities and outsourced or managed services. Given the diverse skills needed to combat complex cyber threats, leaders in Asia Pacific are focused on upskilling (70%) and retaining or identifying key talent (51%) as pathways to bringing their tech needs under their control and purview, which could reduce their overall need to hire external vendors. There may also be a need for reskilling as organisations prepare workforces to manage new roles and responsibilities emerging from greater digitalisation, and inevitably, to combat against increased cyber threats.

Mitigation strategies adopted by businesses to address third-party risks

As businesses start to build the resources to take an integrated risk management approach to fortify its cybersecurity architecture and to foster stronger resilience, leaders can begin by focusing on these key strategies:

• Establish shared strategy and objectives throughout the organisation, ensuring these goals cut across subject matter, function and level
• Align related risk subjects across different functions to embed synergy and power better cross-organisation decision-making for better accountability and awareness at all levels
• Establish more board oversight and accountability for cyber risks
• Integrate cyber risks into the organisation’s overall risk framework, with the help and support of security leaders on-the-ground
• Develop a comprehensive workforce strategy that prioritises organisation-wide digital upskilling initiatives and talent development, balanced with the use of third-party subject matter experts
• Identify and emphasise investment in tech assets that have the most business and security impact in the long term