A new study has revealed that 26% of companies in Malaysia said the most severe cybersecurity breaches in the last year has had a financial impact of more than US$1mil (RM4.11mil).
Cisco's 2019 Asia Pacific CISO Benchmark Study reported that the 2019 figure is a significant decline from 2018, when 50% of companies in Malaysia reported the same financial impact or more.
According to Cisco, financial impact from cybersecurity breach include the the cost of the investigations, lost revenue, lost customers, lost opportunities, as well as out-of-pocket costs. For some listed companies, breaches also tend to negatively impact the stock value.
It also noted that there are fewer Malaysian companies reporting more than US$1mil financial impact in cybersecurity breaches compared to companies in Singapore (40%) and Thailand (35%).
The study is based on a survey of close to 2,000 security professionals from 11 countries in the region. For Malaysia, 151 security professionals from different industries were involved in the study.
"Due to the nature of the survey, respondents were not asked to specify their names and the company they are from. However, we have other screeners in place to ensure that the respondents are security decision-makers from organisations of 100-499 people to large enterprises and the public sector," a Cisco spokesperson said to The Star.
The study stated that 43% of the companies that it surveyed in Malaysia reportedly received more than 10,000 alerts on cybersecurity each day, compared to 46% in 2018. From the alerts that the companies became aware of, 44% were investigated, an increase from 40% in 2018. The study also claimed that 46% of Malaysian companies are getting better at addressing genuine alerts, compared to 44% in the previous year.
However, the study noted that companies in Malaysia are facing longer downtimes due to cybersecurity breaches, with 27% reporting a downtime of more than 24 hours – a huge increase from 2018, when only 9% of companies reportedly suffered a downtime of 24 hours and more.
Cisco said there a number of possible factors that could lead to the increase in companies experiencing longer downtimes.
"Firstly, companies are becoming more mature in their understanding of cybersecurity. As such, there is a possibility that some of them are taking proactive measures to shut down their network once they find out that have been breached in order to prevent the attack from spreading further.
"Another factor is the complexity of the security environment where companies use a high number of vendors and find it challenging to orchestrate threat alerts among the various vendors. One solution is for companies to take a platform approach to security where solutions are integrated and communicate with one another," the company said.
The average for Asia Pacific is 23% while globally, Cisco stated that only 4% of companies reported a more than 24-hours downtime.
Cisco Malaysia managing director Albert Chai believes there is an increase on cybersecurity awareness among businesses in the country based on the results of the study. He noted that success in the digital economy also depends on how a company takes on issues related to cybersecurity.
"Security can no longer be an afterthought; it needs to be the underlying foundation of any digitalisation effort. While we are seeing some positive trends, a lot more needs to be done to ensure that businesses are well prepared to tackle any issue on this front," he said in a statement.
The study stated that of the Malaysian companies surveyed, 43% agreed that organisational culture and attitude towards cybersecurity is a major reason why there is a barrier towards advanced security technologies in the country. Other reasons include budget constraints (38%), a lack of trained personnel (38%) and a lack of knowledge on advanced security processes (38%).
Malaysians companies in the study also said they will take measures to improve cybersecurity by increasing the amount of awareness training among employees (56%), rely on the enforcement of data protection and regulations (44%), focus on preventing security breaches caused by employee mobile devices (37%) and pay attention to risk analysis as well as prevention (37%).
Did you find this article insightful?