EY Webcast: COVID-19 and digital transformation is pushing cybersecurity risk up the agenda for companies in Asia-Pacific
EY polled more than 350 participants in Asia-Pacific during a webcast on trends in cybersecurity;
EY member firm partners shared their thoughts on the steps that companies must take to protect themselves
· Nearly one-third (30.6%) of webcast participants regard digital transformation as the most important driver for investing in cybersecurity
· Cybersecurity risk awareness has heightened as a result of a few key factors, including a desire to reduce cyber risks in organizations (26.2%), as well as COVID-19 and increased remote working (13.1%).
September 21, 2020 – In this transformative age in which COVID-19 has further accelerated change, businesses are rapidly pursuing digital transformation opportunities and as a result, they are seeing cybersecurity risks increase exponentially. Organizations that lack awareness of the risks and appropriate security measures will face severe disruption to their business, financial loss and declining trust with their clients, customers and stakeholders.
To encourage organizations to prioritize cyber safety in their digital transformation plans, EY held a webcast titled “Does cybersecurity only become a priority once you’ve been attacked?”, in response to the elevated attention that cybersecurity issues are attracting in boardrooms across the region.
Cybersecurity norms disrupted by COVID-19 and risk awareness is on the rise in Asia-Pacific
With many businesses transitioning from physical to virtual operations, COVID-19 has led to an increase in attention on the considerable business impacts that cyber risks pose. Georgina Crundell, EY Oceania Cyber Assurance Leader, observed that the digital landscape has transformed significantly over the past few months: “Many organizations have relaxed controls since the onset of the COVID-19 pandemic, and this is leading to an increased likelihood of cyberattack.” Richard Watson, EY Asia-Pacific Cybersecurity Consulting Leader, noted that COVID-19 is the principle reason for an increased investment in cybersecurity. The recent GISS EY survey on cybersecurity operations revealed that more than 80% of leaders surveyed reported that they had experienced a disruption in day-to-day security operations. Challenges surrounding remote working was the most commonly cited reason.
On September 8, EY polled more than 350 participants from Asia-Pacific in the webinar. The webcast poll results demonstrated that many companies are experiencing heightened disruption and elevated risks due to digital transformation. The growing disruption is being driven by three key factors: Around one-third (30.6%) stated that digital transformation, and the increasing usage of cloud and emerging technologies, is the main reason that their company is investing in stronger cybersecurity systems, 26.2% observed a growing overall desire to reduce the organization’s cyber risks, and 13.1% noted changes induced by COVID-19, like remote working dynamics.
Recognizing the risks is only the start, understanding implications is the key to better protection
Rising cyber threats is not just a data problem, but a personnel problem and an economic problem. During a cyber-attack, not only is a company’s data compromised, it can result in a domino-effect of other issues. Even a one-off cyber-attack can lead to major disruption in the organization. For public services, Professor Lam Kwok Yan, Professor of Computer Science, Nanyang Technological University, Singapore noted that “disruption of government services can seriously impact society. Phishing is on the rise and it has the potential to hamper public confidence in trusted e-services such as e-government and e-banking.” For private businesses, the time and cost of managing and mitigating cyber-attacks can be significant. At a time where businesses need to focus on sustaining and growing their business, it is more important than ever that they develop a coherent plan for handling cyberattacks to ensure time and resources count.
As Georgina Crundell, explained: “Once you understand your risks and how effective your controls are, you can make wise investments in the right controls.” Companies must engage in a holistic cyber program, keep a watchful eye on remediation plans, and closely monitor for any upcoming investigations, lawsuits and regulatory reviews.”
Internal and external risk factors are equally important
Although the increased activity from hacktivists should not be ignored, Richard Watson, EY Asia-Pacific Cybersecurity Consulting Leader, also stressed that companies need to pay attention to growing levels of third-party risk, and companies must take note that cyber breaches can come from both internal and external threats. He added, “trusted parties can still pose a significant risk, which should not be overlooked”. For companies to effectively protect themselves, businesses must stay alert of the number of parties that have access to sensitive data and ensure that all parties are encapsulated during cybersecurity capacity assessments.
Companies are also grappling with increasingly complex laws and regulations on cybersecurity, cyber hygiene, and cyber resilience in various countries. Governments and regulators everywhere are tightening efforts to protect the digital identities and personal data privacy of their citizens. As a result, companies must carefully monitor and navigate a fast-changing landscape of requirements and regulations, and understand how a multitude of cybersecurity regulations issued by local governments and agencies can impact their business. Moreover, in order to stand out from the competitive space, businesses must anticipate the future and adopt a forward-looking mindset for establishing defense systems with newer and more comprehensive techniques. Companies with international businesses across various countries, must also invest in strategic cybersecurity plans and systems that cover all jurisdictions and geographies that they operate in.
About EY Cybersecurity webcast September 2020
On September 8th, 2020, EY held a live cybersecurity webcast with 350 attendees in Asia-Pacific from Australia (31.14%), Singapore (14%), Hong Kong (5.43%), Malaysia (16%), New Zealand (2%), Philippines (22.29%), and China Mainland (0.57%). Outlying jurisdictions (8.57%) that attended include India, Indonesia, Japan, South Korea, Sri Lanka, and Taiwan.
Attendees primarily consisted of organizations and leaders representing from industries spanning from financial services, technology, consulting, manufacturing, energy and education, and organizations representing both private and listed companies; large multi-nationals and even government agencies. Attendees are also C-suite leaders including CFOs, CEOs, Chief Audit Officers, CIOs, CTOs, Compliance Officers, IT Auditors, Head of Internal Audit and a number of board members.
The speakers were:
· Richard Watson, EY Asia-Pacific Cybersecurity Consulting Leader
· Georgina Crundell, EY Oceania Cyber Assurance Leader
· Professor Lam Kwok Yan, Professor of Computer Science, Nanyang Technological University, Singapore
Notes to editors
EY is a global leader in assurance, tax, strategy, transaction and consulting services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation is available via ey.com/privacy. For more information about our organization, please visit ey.com.
This news release has been issued by EYGM Limited, a member of the global EY organization that also does not provide any services to clients.
EYG no. 006455-20Gbl