By Cameron Abbott and Sarah Goegan
We all know that cybersecurity incidents can cost your organisation a lot of money, but exactly how much? A report by Frost and Sullivan has found that losses from cyberattacks in the Asia Pacific region (APAC) could reach a staggering US$1.75 trillion, nearly 7 per cent of the region’s gross domestic product in 2017. As covered in our blog last week, the cost of cyber scams alone in Australia totalled $340 million AUD last year.
Frost and Sullivan calculated the costs of cybercrime using an economic loss model. The model accounts for three types of losses associated with cybersecurity breaches. Direct losses from fines and remediation costs, although most visible, are just the “tip of the iceberg”, according to the Vice President and Asia Pacific Head of Enterprise for Frost and Sullivan. Indirect losses, such as loss of customers from reputational damage, and induced losses, such as decreases in consumer spending, are also key factors. Overall, large APAC organisations were found to incur an average economic loss of $30 million from a security incident.
1,300 organisations participated in the study. Of the participants, 25% had experienced a cybersecurity incident, and 27% were uncertain whether they had had one, since they did not conduct proper forensics or data breach assessment. Also, only one in four organisations had considered cybersecurity before the start of a digital transformation project – the rest had either thought about cybersecurity after the project started, or not at all. 59% of enterprises stated that they had put off digital transformation due to fears of cyber risks. These figures are particularly concerning. When cybersecurity is avoided or treated as an afterthought, companies not only risk financial losses from having their security compromised, but also hinder their ability to capture future business opportunities.