For the first time, cybersecurity has emerged as a leading risk for businesses in Asia-Pacific and around the world, according to the 2020 Allianz Risk Barometer Survey. The survey, now in its ninth year, found that 35 per cent of Asia-Pacific risk-management executives ranked cyber incidents, or cyber threats, as the most important business risk, followed by business disruption, which was cited by 34 per cent of respondents.
The Allianz poll found cyber incidents were listed among the top three risks that businesses faced in 80 per cent of countries surveyed. It was the top concern among US, Indian and South Korean risk managers. In Hong Kong, however, cybersecurity dropped from first place last year to seventh this year, with political risk and violence emerging as the No. 1 concern. The survey was conducted in October and November 2019, amid the Hong Kong anti-government protests.
The awareness of cybersecurity issues has risen alongside costs associated with successful cyberattacks. In 2013, cyber incidents ranked just 15th among risk managers’ concerns.
“While 2019 saw no major global cyber incidents in the vein of past events like WannaCry and NotPetya, businesses are increasingly cognisant of the costs associated with being a victim of a cyberattack,” said Mark Mitchell, regional chief executive, Asia-Pacific of Allianz Global Corporate and Specialty, a division of the Allianz Group.
A 2019 IBM study on the cost of data breaches said the average cost per data breach was about US$4 million, and that the health care industry had the highest costs associated with such a breach, at about US$6.5 million. Costs associated with data breaches had risen 130 per cent in the past 14 years. Most data breaches were the result of malicious cyberattacks, according to the IBM report.
A 2018 study by US-based Identity Theft Resource Center found that US financial services companies were hackers’ favoured targets, with financial services companies 300 times more likely to face cybersecurity incidents than companies in other industries. Check Point Software Technologies, an Israeli cybersecurity firm, said in its 2019 midyear report that it had found a 50 per cent increase over 2018 in malware devoted to mobile banking.
In Hong Kong, seven virtual banks are due to start operations this year, and the Hong Kong Monetary Authority has just announced that half of Hong Kong residents are now signed up to its Faster Payment System, which allows money transfers between bank accounts through mobile phones.
The HKMA was aware of cybersecurity risks, said Ricky Woo, chief information security officer for DBS Bank (Hong Kong) and convenor of the Cyber Security Specialist Group of Hong Kong Computer Society.
The shortage of talent [in Hong Kong] is one of the most critical issues we are facing right now
Ricky Woo, convenor, Cyber Security Specialist Group of Hong Kong Computer Society
But the problem for Hong Kong was an acute shortage of cybersecurity personnel, he said. Woo cited research by ICS2, a professional organisation for such personnel, that showed a need for four million more cybersecurity people globally, with 64 per cent of the need in Asia-Pacific.
“The shortage of talent [in Hong Kong] is one of the most critical issues we are facing right now,” Woo said. He added that in the second half of 2019, Hong Kong’s new virtual banks had poached cyber people from banks and the Big Four accounting firms to meet HKMA requirements.
He added that some China-based companies with operations in Hong Kong had seen a 300 per cent increase in hacking attempts during the onset of the US-China trade war and the protests in Hong Kong.
This month, Dr Dorit Dor, vice-president at Check Point, said in a report for the World Economic Forum, that as the United States and China decouple their economies, cyber risks will increase as cyberattacks become a form of corporate and national warfare. The adoption of fifth-generation internet networks and internet of things would further increase cybersecurity risks, she said.
“Incidents are becoming more damaging, increasingly targeting large companies with sophisticated attacks and hefty extortion demands. Five years ago, a typical ransomware demand would have been in the tens of thousands of dollars. Now they can be in the millions,” said Marek Stanislawski, deputy global head of cyber for Allianz Global Corporate and Specialty.
More from South China Morning Post:
- Allan Zeman says he’s open to cutting rents to help Hong Kong businesses get through protest turmoil
- Hong Kong businesses affected by vandalism and arson during protests seen filing up to HK$600 million in insurance claims