Don't let cybersecurity be an afterthought

MANY business and information technology (IT) leaders whom I have spoken to agree that technology is a disruptive force - one that enables new business models, opens new sources of revenue and shapes entire industry landscapes. However, one of the biggest challenges in digital transformation is ensuring security, privacy and compliance.

As employees bring devices, apps and data into organisations, protecting company data becomes more important than ever before. In today's digital world, traditional IT boundaries are fast disappearing and adversaries are continuously identifying new targets to attack.

Against this backdrop, organisations that do not prioritise security face the risk of significant financial loss, damage to customer satisfaction and market reputation - as has been made all too clear by recent high-profile breaches.

The recent Singapore Cyber Landscape Report 2017 painted a clear picture of the cybersecurity risks that the nation faced in the past year. What was interesting to note was that global incidents such as the mass defacement of WordPress websites, WannaCry and NotPetya ransomware attacks as well as the Yahoo data breach seem to mirror the cybersecurity incidents that we encounter here in Singapore.

While organisations in Singapore emerged relatively unscathed from the incidents that took place last year, the report revealed that there is still much work to do as we expect more attacks on business and individuals, growing threats to connected mobile devices, state-linked cyber actors making bolder moves, weak links being increasingly targeted, and more signs of artificial intelligence (AI) enabled cyberthreats and solutions being used in 2018.

This means that increasingly, cybersecurity cannot be an afterthought for organisations of all sizes as threats are becoming increasingly malicious, with potentially bigger impact on businesses as the threat landscape evolves.

The true cost of cybersecurity incidents: economy, opportunities and job losses

Earlier this year, Microsoft conducted a cybersecurity study in partnership with Frost & Sullivan, with the aim of providing business and IT decision makers with insights into the economic cost of cybersecurity breaches in Singapore and identifying key gaps in organisations' cybersecurity strategies.

The study, which was conducted with 1,300 business and IT decision makers across the Asia-Pacific region, including 100 from Singapore, revealed that business and IT leaders often underestimate the business and economic impact of a cyber attack, and that what leaders see at the moment could merely be the tip of an iceberg. By calculating the direct, indirect and induced losses associated with a cybersecurity incident using the Frost & Sullivan economic loss model, the potential economic loss in Singapore due to these incidents can hit a staggering US$17.7 billion, amounting to 6 per cent of Singapore's total gross domestic product of US$297 billion.

This also points to the idea that the direct losses incurred because of a cybersecurity incident - associated financial losses including loss of productivity, fines, remediation costs, etc - form only a part of the total. Indirect costs such as the opportunity costs to the organisation such as customer churn due to reputation loss; and the impact of a cyber breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending also add up to form the bigger picture to reflect the true cost of cybersecurity incidents - which is often much larger than what most leaders imagine.

Prioritising security in your organisation's digital transformation journey

With cybersecurity incidents being extremely costly for organisations of all sizes in Singapore - averaging US$13.8 million in economic loss for a large-size organisation and US$177,000 for a mid-size organisation, cybersecurity needs to be prioritised in an organisation's digital transformation strategy in order to help lay the secure foundation for its continued growth in the future.

Each year, Microsoft invests in research and development, spending over a billion dollars, to discover ways to help organisations withstand and respond to cyber attacks through a unique combination of our intelligence, platform and partners. Drawing from what we have learnt, here are five cybersecurity best practices that can help organisations strengthen their cyber defence in the digital world: