Asia-Pacific now on par with the rest of the world in cybersecurity standards

The Chief Information Security Officer’s role is evolving: it faces new threats from social activists and
continues to tackle challenges with budgets and proving performance results

 

Summary of key trends:

• Asia-Pacific has matched the rest of the world in meeting cybersecurity standards, and is now
better-equipped than ever in responding to threats (53% of Asia-Pacific respondents haven’t seen
an increase in number of destructive attacks over the past 12 months, compared with 41%
globally)

• The largest drivers of cyber attacks in Asia-Pacific are now social activists (19%), creating new
challenges for organizations, exemplifying a shift away from traditional financial motives

• The role of Chief Information Security Officers (CISOs) is changing, with higher demands for
proactive “security by design” approaches, business acumen and more communication between
board members (only 48% of CISOs think their boards have the understanding they need to really
evaluate cyber risk).

• The most challenging aspect of managing cybersecurity operations in Asia-Pacific is procuring
budget or justifying budget (16%) and proving to C-suite that cybersecurity is performing in line
with expectations (15%).

 

February 21, 2020 – The developed and western markets have arguably always been a step ahead in
complying with cyber regulations, given the industry benchmarks are shaped by Europe’s General Data
Protection Regulation (GDPR) and the strict cyber laws in the US. But the latest EY Global Information
Security Survey 2019-2020 reveals that Asia-Pacific has now caught up in security protection terms, with
only 53% of respondents from the region seeing an increase in the number of destructive attacks over the
past 12 months – compared with 41% from global respondents.

 

Asia-Pacific is now also at a similar level to the rest of the world in board and executive
understanding of the needs and value of cybersecurity – with more than half of both global (58%) and
Asia-Pacific (54%) respondents agreeing. In addition, 57% of global respondents claim their cybersecurity
subcommittees now hold briefings with executive boards on a regular basis, with Asia-Pacific following
closely at 52%. Results suggest that Asia-Pacific is now better-equipped and more prepared to respond
to cyber threats.

 

Focus shifting to recognizing and managing risk

 

Kris Lovejoy, EY Global Advisory Cybersecurity Leader, comments: “The good news is that boards
and senior management are engaging more intimately with cybersecurity and privacy matters. In this era
of transformation, senior leaders are acutely conscious of their organizations’ vulnerabilities and the
potentially existential dangers posed by attackers.”

 

Richard Watson, EY Asia-Pacific Cybersecurity Risk Advisory Leader, adds: “But there is work to do.
Not only is cybersecurity an evolving risk, it also has to be confronted in the context of innovation and
change.”

 

In the midst of Asia-Pacific’s increasingly favorable standing in cybersecurity across the globe, a new type
of cyber threat driven by social activism is creating new challenges for organizations and CISOs. Activists
(sometimes referred to as “hacktivists”) are now responsible for the highest number of disruptive cyber
threats to organizations in Asia-Pacific at 19%, while traditional crime gangs are responsible for 18%.
These results suggest a move away from traditional cyber attack motives such as financial gain.

 

Activist threats illustrate a new challenge for CISOs, who now have to recognize and be ready to manage
this new threat motive. Such motives require proactive risk mitigation, which means CISOs are required to
move beyond the defensive, reactive roles they might have played in the past, and those who are not well
integrated with the wider business will be unable to anticipate new threats and respond appropriately.
Currently, 41% of Asia-Pacific respondents say their cybersecurity teams are involved in new business
initiatives right from the start, compared with only 36% from global respondents.

 

A new CISO role is being defined

 

Richard Watson comments: “Adapting a ‘Security by Design’ approach means that CISOs and their
colleagues across the organization – including functions such as marketing, R&D and sales – need to
form much closer relationships in order to improve overall business understanding of cybersecurity.”

 

CISOs need to continue closing the gap with executive boards. While 69% of boards see cyber risk as
significant, only 48% of CISOs think their boards have the required understanding to really evaluate cyber
risks. When considering activist threats, there is a disconnect between boards and CISOs, and CISOs are
not always kept in the loop with related business conversations to prepare and protect proactively.
Fewer than half of respondents from Asia-Pacific say their organizations regularly schedule cybersecurity in
their agendas. 47% of respondents in Asia-Pacific say that their head of cybersecurity is a member of
their organization’s board or executive management team. Comparatively, only 36% of global
respondents say so.

 

Keith Yuen, EY Greater China Advisory Cybersecurity Leader, comments: “Bringing cybersecurity
into the planning stage of every new business initiative is the optimal model as it reduces the energy and
expense of triaging issues after-the-fact and builds trust into a product or service from the start. The new
CISO will require commercial expertise, strong communication skills and an ability to work
collaboratively.”

 

Currently, the most challenging aspect of managing cybersecurity operations in Asia-Pacific is “procuring
or justifying budget” (16%), followed by “proving to the board / C-suite that cybersecurity is performing in
line with expectations” (15%). The new skills required from the CISO, which include commercial
expertise, will be well complemented by strong communication skills, allowing them to work
collaboratively within an organization to communicate the value of cybersecurity by setting up clear key
performance indicators and board reporting systems.

 

Richard Watson comments: “Organizations need to start developing a set of key performance
indicators and key risk indicators that can be used to communicate a risk-centric view in executive and
board reporting.”

 

For any queries and interview requests, please contact Roanna Leung (T: +852 2837 4786 / E:
[email protected]), Tiffany Lau (T: +852 2837 4725 / E: [email protected]) or Vikki
Tang (T: 3756 8641 / E: [email protected]).

 

About EY Global Information Security Survey 2019-2020

 

This year’s Global Information Security Survey is based on a survey of senior leaders at almost 1,300
organizations carried out by EY teams between August and October 2019. This was a global survey with
Europe, Middle East, India & Africa (EMEIA) accounting for 47% of respondents, the Americas 29%, and
the Asia-Pacific region 24%. Respondents included CISOs or their equivalents from across every industry
sector. Click here to download the full report, or visit ey.com for more information.

 

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services
we deliver help build trust and confidence in the capital markets and in economies the world over. We
develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing,
we play a critical role in building a better working world for our people, for our clients and for our
communities. EY refers to the global organization, and may refer to one or more, of the member firms of
Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK
company limited by guarantee, does not provide services to clients. Information about how EY collects
and uses personal data and a description of the rights individuals have under data protection legislation
are available via ey.com/privacy. For more information about our organization, please visit ey.com.
© 2020 EYGM Limited. All Rights Reserved.

EYG no. 000823-20Gbl

This material has been prepared for general informational purposes only and is not intended to be relied
upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice.
ey.com
