Organisations in Asia-Pacific stand to lose as much as US$1.75 trillion if they are hit by cyber attacks that affect jobs, reputation and even share price, according to a study released today by Microsoft.
The figure is more than 7 per cent of the region’s total gross domestic product (GDP) of US$24.3 trillion, as such attacks grow in impact.
In Singapore, such cyber threats can cost organisations US$17.7 billion in economic losses, or about 6 per cent of the country’s GDP of US$297 billion.
The staggering numbers are drawn from both direct and indirect costs of attacks, according to research firm Frost & Sullivan, which was commissioned by Microsoft to survey 1,300 business and IT leaders across 13 markets in the region.
Besides coughing up money to restore affected systems after an attack, organisations suffer from a loss of reputation and customer churn, said Edison Yu, a vice-president at Frost & Sullivan.
Their share price might drop, resulting in fewer funds to draw on to compete, he noted, adding that jobs too are lost as a result of a serious attack.
A quarter of organisations in Asia-Pacific say they have faced a cybersecurity incident, while another 27 per cent say they are unsure if they had one because they have not performed forensics or data breach assessment, according to the study.
It also found that cybersecurity incidents have resulted in job losses in 67 per cent of affected organisations in the past 12 months, underlining the seriousness of the issue.
Many organisations still consider cybersecurity an afterthought instead of baking it into the design of a digital transformation plan, said Eric Lam, director for enterprise cybersecurity at Microsoft Asia.
At the same time, the complexity of having too many cybersecurity solutions is making it hard to manage a coherent defence against threats that come in many forms today, he told reporters at a briefing today in Singapore.
Indeed, the study found that more is not always better. Organisations with more than 50 cybersecurity solutions often find themselves struggling to recover as fast as those with fewer of such tools.
One way forward is to turn to artificial intelligence (AI) to help process all the data coming in, so human operators can better identify threats, Microsoft suggests.
Of course, going with a cloud platform that has all the tools already baked is a good idea, according to the company.
Its Azure cloud service would be a good place to start, it may add, since it has a good look at the threat landscape. Microsoft analyses 400 billion e-mails on Outlook and scans 1.2 billion devices each month, for example.
The problem, however, is that many organisations have already spent money and committed to various tools, from Web application firewalls to data loss prevention software.
This is so they could to be on the right side of stricter data protection regimes such as Europe’s General Data Protection Regulation (GDPR), which will be enforced from May 25.
Would they streamline these tools and hop onto a cloud platform that has many of such capabilities already baked in? The issue may have less to do with technology than people.
Companies that have seen their existing solutions in action may baulk at the thought of uprooting their setup and placing all their trust on a cloud provider.
However, just like the limitless computing power and storage that the cloud has brought to organisations, the same economies of scale and efficiencies can apply to cybersecurity as well.
That means organisations don’t have to fight alone with the limited resources at hand. Banding together to combat the cyber threats is what Microsoft and many other cloud companies are now banking on.