A STUDY by Frost & Sullivan, commissioned by Microsoft, has revealed that the potential economic losses in the Philippines due to cyber-security incidents can hit a staggering $3.5 billion or 1.1 percent of the Philippines’s total GDP of $305 billion.
The study—“Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World”—aims to provide business and IT decision-makers with insights on the economic cost of cyber-security breaches in the region and identify the gaps in organizations’ cyber-security strategies.
The study involved a survey of 1,300 business and IT decision-makers ranging from midsized organizations (250 to 499 employees) to large-sized organizations (more than 500 employees).
More than half of the organizations surveyed in the Philippines have either experienced a cybersecurity incident (18 percent) or are not sure if they had one as they have not performed proper forensics or data breach assessment (34 percent), the study said.
“As companies embrace the opportunities presented by cloud and mobile computing to connect with customers and optimize operations, they take on new risks,” said Hans Bayaborda, managing director, Microsoft Philippines.
“With traditional IT boundaries disappearing, the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation—as has been made all too clear by recent high-profile breaches,” he said.
The study revealed that:
“A large-sized organization in the Philippines can possibly incur an economic loss of $7.5 million, more than 200 times higher than the average economic loss for a midsized organization ($35,000); and
“Cyber-security attacks have resulted in job losses across different functions in seven in 10 [72 percent] organizations that have experienced an incident over the last 12 months.
“To calculate the cost of cybercrime, Frost & Sullivan has created an economic loss model based on macroeconomic data and insights shared by the survey respondents. This model factors in three kinds of losses, which could be incurred due to a cyber-security breach:
“Direct: Financial losses associated with a cyber-security incident—this includes loss of productivity, fines, remediation cost, etc;
“Indirect: The opportunity cost to the organization such as customer churn due to reputation loss; and
“Induced: The impact of cyber breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending.”
“Although the direct losses from cyber-security breaches are most visible, they are but just the tip of the iceberg,” said Edison Yu, vice president and Asia Pacific head of Enterprise for Frost & Sullivan.
“There are many other hidden losses that we have to consider from both the indirect and induced perspectives, and the economic loss for organizations suffering from cybersecurity attacks can be often underestimated,” he said.
In addition to financial losses, cyber-security incidents are also undermining the Philippine organizations’ ability to capture future opportunities in today’s digital economy, with more than half (57 percent) of respondents stating that their enterprise has put off digital transformation efforts due to fear of cyber risks.
Key cyber threats
Although high-profile cyber attacks, such as ransomware, have been garnering a lot of attention from enterprises, the study found that for organizations in the Philippines that have encountered cyber-security incidents, data exfiltration and data corruption are the biggest concerns as they have the highest impact with the slowest recovery time.
Besides external threats, the research also revealed key gaps in organizations’ cyber-security approach to protect their digital estate:
“Security an afterthought: Only 44 percent of organizations consider cyber security before the start of a digital transformation project. A majority of respondents (56 percent) either think about cyber security only after they start on the project or do not consider it at all. This limits their ability to conceptualize and deliver a ‘secure-by-design’ project, potentially leading to insecure products going out into the market;
“Creating a complex environment: Negating the popular belief that deploying a large portfolio of cyber-security solutions will render stronger protection, the survey revealed that 17 percent of respondents with more than 50 cyber-security solutions could recover from cyber attacks within an hour. In contrast, more than twice as many respondents (38 percent) with fewer than 10 cyber-security solutions responded that they can recover from cyber attacks within an hour; and
“Lacking cyber-security strategy: While more and more organizations are considering digital transformation to gain competitive advantage, the study has shown that 46 percent of respondents see cyber-security strategy only as a means to safeguard the organization against cyber attacks rather than a strategic business enabler. A mere 25 percent of organizations see cyber-security strategy as a digital transformation enabler.”
“The ever-changing threat environment is challenging, but there are ways to be more effective using the right blend of modern technology, strategy and expertise,” added Hans.
“Microsoft is empowering businesses in the Philippines to take advantage of digital transformation by enabling them to embrace the technology that’s available to them, securely through its secure platform of products and services, combined with unique intelligence and broad industry partnerships,” he said.
To reach the writer, e-mail cecilio.arillo@gmail.com.