Organisations are failing to prepare appropriately for increasingly common cyberattacks, says global consulting firm PwC.
"While companies globally and in Thailand invest in some of the most advanced technologies, they are simply forgetting to look at cybersecurity in their own backyard. This has put them at risk and is holding back most companies from growth," said Vilaiporn Taweelappontong, lead consulting partner of PwC Thailand.
Many organisations worldwide still struggle to comprehend and manage emerging cyber-risks, according to PwC's 2018 Global State of Information Security Survey, which was based on responses of more than 9,500 senior business and technology executives from 122 countries.
Some 40% of survey respondents cite the disruption of operations as the biggest consequence of a cyberattack, 39% cite the compromise of sensitive data, 32% cite harm to product quality, and 22% cite harm to human life.
Executives are aware of the risks that cybersecurity breaches pose, but are largely unprepared to deal with them. Close to half say they don't have an overall information security strategy, and 48% percent say they do not have an employee security awareness training programme. More than half say they do not have an incident response process.
Interdependence drives global risk
Developed economies like Japan, the US, Germany, Britain and South Korea are concerned about cyberattacks from other countries.
Tools for conducting cyberattacks are proliferating worldwide. Smaller nations are aiming to develop capabilities like those used by larger countries, and the leaking of the US National Security Agency hacking tools has made highly sophisticated capabilities available to malicious hackers.
When cyberattacks occur, most victimised companies say they cannot clearly identify the culprits. Only 39% of survey respondents say they are very confident in their attribution capabilities.
The soaring production of insecure Internet-of-Things devices is creating widespread cybersecurity vulnerabilities. Rising threats to data integrity could undermine trusted systems and cause physical harm by damaging critical infrastructure.
Meanwhile, there is a large disparity in cybersecurity preparedness among countries. The frequency of organisations possessing an overall cybersecurity strategy is particularly high in Japan (72%), where cyberattacks are seen as the leading national security threat, and Malaysia (74%), according to the survey.
In May 2017, G7 leaders pledged to work together and with other partners to tackle cyberattacks and mitigate their impact on critical infrastructure and society. Two months later, G20 leaders reiterated the need for cybersecurity and trust in digital technologies.
Next steps for business leaders
To develop an effective cybersecurity strategy senior leaders must take ownership in building cyber-resilience. Setting a top-down strategy to manage cyber and privacy risks across the enterprise is essential. While developing an effective strategy can be costly at first, achieving greater risk resilience is a pathway to stronger, long-term economic performance, said PWC.
Most importantly, industry and government leaders must work across organisational, sectoral and national borders to identify, map, and test cyber-dependency and interconnectivity risks as well as surge resilience and risk management, said the firm.
"Few business issues permeate almost every aspect of business and commerce like cybersecurity does today," said David Burg, global cybersecurity leader at PwC. "Public-private coordination is critical to effectively addressing cybersecurity."
"With this in mind, Thai firms must rethink their cybersecurity strategies and have proper measures in place to become successful and grow," said Ms Vilaiporn.
