Executives worldwide acknowledge the increasingly high stakes of cyber insecurity. Forty per cent of survey respondents cite the disruption of operations as the biggest consequence of a cyberattack, 39 per cent cite the compromise of sensitive data, 32 per cent cite harm to product quality, and 22 per cent cite harm to human life.
Yet despite this awareness, many companies at risk of cyberattacks remain unprepared to deal with them. Forty-four per cent say they do not have an overall information security strategy. Forty-eight per cent say they do not have an employee security awareness training programme, and 54 per cent say they do not have an incident-response process.
Case studies of non-cyber disasters have shown that cascading events often begin with the loss of power – and many systems are impacted instantaneously or within one day, meaning there is generally precious little time to address the initial problem before it cascades.
Interdependencies between critical and non-critical networks often go unnoticed until trouble strikes.
Many people worldwide – particularly in Japan, the United States, Germany, the United Kingdom and South Korea – are concerned about cyberattacks from other countries. Tools for conducting cyberattacks are proliferating worldwide.
Smaller nations are aiming to develop capabilities like those used by larger countries. And the leaking of US National Security Agency hacking tools has made highly sophisticated capabilities available to malicious hackers.
When cyberattacks occur, most victimised companies say they cannot clearly identify the culprits. Only 39 per cent of survey respondents say they are very confident in their attribution capabilities.
The soaring production of insecure internet-of-things (IoT) devices is creating widespread cybersecurity vulnerabilities. Rising threats to data integrity could undermine trusted systems and cause physical harm by damaging critical infrastructure.
Meanwhile, there is a wide disparity in cybersecurity preparedness among countries around the world. The frequency of organisations possessing an overall cybersecurity strategy is particularly high in Japan (72 per cent), where cyberattacks are seen as the leading national security threat, and Malaysia (74 per cent).
“While companies globally and in Thailand invest in some of the most advanced technologies, they are simply forgetting to look at cybersecurity in their own backyard,” said lead consulting partner Vilaiporn Taweelappontong. “This has put them at risk and is holding back most companies from growth.
“With this in mind, Thai firms must rethink their cybersecurity strategies and have proper measures in place to become successful and grow.”