Organisations urged to shore up defences
Over half the Thai organisations polled in a survey reported more than 10 cybersecurity incidents in the past year as well as multi-million dollar losses, according to US-based connectivity cloud company Cloudflare Inc.
A data breach report commissioned by IBM revealed the global average cost of a breach reached an all-time high of US$4.45 million in 2023.
“Over the past year, we’ve witnessed a rise in cybersecurity incidents across the Asia-Pacific, with a huge proportion targeting businesses in Thailand — more than anywhere else in the region,” said Jonathon Dixon, vice-president and managing director for Asia-Pacific, Japan and China at Cloudflare.
Thai businesses need to bolster their cybersecurity infrastructure in order to cope with the increasing complexities of a distributed workforce.
The company released a report entitled “Securing the Future: Asia Pacific Cybersecurity Readiness Survey”, which was conducted by Sandpiper Communications on behalf of Cloudflare. It surveyed 4,009 cybersecurity decision-makers and leaders from small to large companies from a wide range of industries and based in 14 markets across Asia-Pacific including Thailand. The number of respondents taking part varied from country to country, ranging from 203 to 426.
The study found 57% of Thai respondents reported more than 10 cybersecurity incidents in the last year. Respondents also cited the planting of spyware as the primary goal of cybercriminals, followed by financial gain and ransomware.
Despite the frequency of cybersecurity incidents in Thailand, 48% of respondents indicated they were highly prepared to prevent them. A lack of awareness around increased risk among employees (52%) was the biggest challenge that respondents from Thailand faced with regards to cybersecurity preparedness.
Cybersecurity incidents proved costly for organisations in Thailand, with a staggering two-thirds, or 65% of respondents, incurring a financial impact of at least $1 million in the last 12 months.
Mid-sized organisations were hit harder, with 76% of respondents indicating they suffered a financial impact of at least $2 million within the same timeframe. Apart from financial losses, respondents also referred to reputational damage, along with the loss of customers as the biggest impact on their business.
The aftermath of cybersecurity incidents further extends to organisational operations, with 38% of respondents saying their organisations reduced or restricted hybrid work, laid off staff, and put growth plans on hold. Only 33% of respondents said their organisation reported breaches to the relevant authorities.
Preparedness is key — business leaders need to treat cybersecurity as a strategic imperative across all levels of the organisation. Employee education to raise awareness of the risks present is also essential in ensuring the company is well-protected against future threats, according to the report.
According to another report entitled “Cost of Data Beach report 2023”, conducted independently by Ponemon Institute and sponsored, analysed and published by IBM Security, the global average cost of a data breach reached an all-time high in 2023 of $4.45 million, representing a 2.3% increase from the cost reported in 2022.
Taking a long-term view, the average cost has increased 15.3% from $3.86 million in the 2020 report.
The report studied 553 organisations impacted by data breaches that occurred between March 2022 and March 2023. The study was conducted across 16 different countries and regions including Asean.
At least 51% of organisations plan to increase security investments as a result of a breach.
While data breach costs continued to rise, participants in the survey were almost equally split on whether they plan to increase security investments because of a data breach.
The top areas identified for additional investments included incident response (IR) planning and testing, employee training, and threat detection and response technologies.
Security AI and automation were shown to be important investments for reducing costs and minimising the time required to identify and contain breaches. Organisations that used these capabilities extensively within their approach, on average, took 108 days less to identify and contain the breach.
They also reported that the costs involved were $1.76-million less than the costs reported by organisations that didn’t use security AI and automation capabilities.
In terms of targeted industries, healthcare continues to experience the highest level of data breach costs among all industries, rising from $10.1 million in 2022 to $10.9 million this year.