Beyond Finances: The Additional Costs of Data Breaches in SEA

Protecting corporate and personal data has become a necessity for modern businesses in Southeast Asia (SEA), especially for the past two years. Unfortunately, with new threats emerging during the pandemic and the extended period of remote work it introduced, businesses have to tackle both internal financial risks and external cyber threats. Kaspersky today deep dives on the current cost of data breaches in Southeast Asia – monetary and beyond.

The global cybersecurity company’s “IT Security Economics 2021: Managing the trend of growing IT complexity” showed that despite new threats, the costs of data breaches didn’t grow excessively in 2021 worldwide.

A total of 4,303 interviews from businesses with more than 50 employees were conducted across 31 countries in May-June 2021. Respondents were asked about the state of IT security within their organizations, the types of threats they face, and the costs they have to deal with when recovering from attacks. Throughout the report, businesses are referred to as either SMBs (small and medium-sized businesses with 50 to 999 employees) or enterprises (businesses with over 1,000 employees).

Kaspersky, in this research, discovered only a small 4% increase in the financial impact of data breaches for SMBs ($105k in 2021, compared to $101k in 2020), and a notable 15% decrease for enterprises which fell to $927k from $1.09 million in 2020, below the previous lowest figure from 2017 ($992k).

In SEA, the average cost of a data breach against an enterprise increased slightly at $716k this year from $710k USD in 2020. There is, however, a huge drop when it comes to the financial impact against SMBs. From $92k two years ago, it is only at $74k in 2021.

“The significant drop in the cost of data breaches against SMBs here is due to the fact that some of these businesses had to close shops during the height of this health emergency. It took a while before they were able to re-open and start their recovery. The financial impact of data breaches against enterprises has not skyrocketed as we continuously see improvements on businesses’ detection capabilities,” explains Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.

“During our customer interactions and also due to the increased media coverages about cyberattacks, more companies are now aware of the price they may pay if they let their guards down. However, once an attack is exposed to the press, the aftermath significantly increases. Reputational impact comes into play and this proves to be more damaging than the upfront monetary aftermath,” adds Yeo.

The average breakdown of the additional cost of a data breach against an enterprise in the region showed that the bulk of the money goes to improving software & infrastructure ($98K), extra PR to repair brand damage ($93k), training existing staff ($90k), employing external professionals ($88k) and damage to credit rating or insurance premiums (84k).

Another research from Kaspersky proved the reputational damage a single data breach can cost a company.

The firm’s research “Mapping a secure path for the future of digital payments in APAC” found out that almost half (42%) of users in SEA will not purchase from an e-commerce provider or any seller which was subjected to a data breach or any form of cyberattack.

A company’s history with data leaks also plays a role when users are choosing their mobile wallet. Almost two in five noted that they will opt for a digital payment provider that was not involved in any kind of data breaches or attacks before.

With the financial and reputational aftermath of a data breach, both enterprises and SMBs are urged to follow the advice below in order to help them mitigate cyberattacks and potentially reduce costs if they suffer a data breach:

• Ensure the organization is using the latest version of its chosen operating systems, with auto-update features enabled to ensure the software is always up to date.
• Adopt endpoint solutions, like Kaspersky Integrated Endpoint Security. It enables vulnerability assessment and patch management, to reduce the risk of vulnerabilities being exploited by cybercriminals. This can automatically eliminate vulnerabilities in infrastructure software, proactively patch them and download essential software updates. It also provides behavior detection and exploit prevention mechanisms that discover and stop suspicious endpoint activity.
• Educate employees on the importance of regularly updating technology and software. For example, IT training courses from the Kaspersky Automated Security Awareness Platform and Kaspersky Adaptive Online Training cover this topic.
• Develop a special crisis management plan for cybersecurity incidents and ensure that it integrates participants from key departments, including IT Security, IT, legal, government relations, investor relations, customer support and corporate communications.
• Consider specific training for all of the parties involved – including communication specialists and head of IT security – such as Kaspersky Incident Communications.

Survey Methodology

The Kaspersky “Mapping a digitally secure path for the future of payments in APAC” report studies our interactions with online payments. It also examines our attitudes towards them, which hold the key to understanding the factors that will further drive or stem the adoption of this technology. The study was conducted by research agency YouGov in key territories in APAC, including Australia, China, India, Indonesia, Malaysia, Philippines, Singapore, South Korea, Thailand, and Vietnam (10 countries). Survey responses were gathered in July 2021 with a total of 1,618 respondents surveyed across the stated countries.

The respondents ranged from 18-65 years of age, all of which are working professionals who are digital payment users.

Through this study, when the behavior of the population of a market is generalized, it is in reference to the group of respondents sampled above.