Can regulations improve cybersecurity? In APAC, opinions vary | WeLiveSecurity

Can regulations improve cybersecurity? In APAC, opinions vary

An ESET-commissioned survey among enterprises also shows that while respondents in most countries agree on the need to bolster cyber-defenses, some are reluctant to adopt cybersecurity solutions

An ESET-commissioned survey among enterprises also shows that while respondents in most countries agree on the need to bolster cyber-defenses, some are reluctant to adopt cybersecurity solutions

As technology evolves by leaps and bounds every year, so does the threat landscape and bad actors keep coming up with new threats. That’s not scaremongering, it’s a fact of life. A fact, of which most companies are acutely aware. This is backed up by data from an ESET-commissioned survey in Asia. Almost one in five respondents experienced more than six security breaches in the past two years through the usual suspects such as phishing emails, malware, and human error. This might have been avoided or mitigated by better cybersecurity awareness. On average, a security breach would cost a company more than US$100,000 in losses. With first-hand experiences such as these, how do businesses in the region perceive cybersecurity?

Two thirds of respondents think that it is of paramount importance for a country to have a powerful regulatory framework governing cybersecurity. While Indonesia is one of the greatest proponents of regulation, Japan does not consider it a priority. This may come as a surprise to some, since the latter country is considered a technological powerhouse. Although the Japanese government is making sure that the country is prepared for potential cyberattacks, including by testing IoT devices and reviewing cybersecurity guidelines, 57% of respondents are skeptical that the revision will bring any improvement.

They believe that the process will be complex and expensive and may not yield the desired result. Yet, when asked, they are the least confident in their organizations’ cyber-defense capabilities. Moreover, 68% of them are ‘unfamiliar’ or ‘averagely familiar’ with their country’s cybersecurity regulations. It also appears that they are not fans of encryption and mainly rely on organizational security and manpower. This could have an adverse effect since human error is considered one of the major reasons for data breaches.

On the other hand, three in four Chinese respondents think that a regulatory framework is important. With an overwhelming 86% support for a new e-commerce law introduced in August 2018, they believe that they are well equipped to comply with it. One of the law’s goals is to repair China’s reputation as the counterfeiting capital of the world, where a major part of knock-off merchandise is made.  Over half of the respondents believe that their government’s regulation of cybersecurity practices has been good so far.

With China being one of the largest e-commerce markets in the world, it should come as no surprise that it has a high adoption rate of good cybersecurity practices. Companies have a clear idea of what their top priorities are, using multiple cybersecurity practices, including two-factor authentication. Regular security checks, reputable security software and strong encryption are among the top three solutions proposed by companies to safeguard against data breaches.

Respondents from Hong Kong, India, Indonesia, Taiwan, and Thailand also participated in the survey shining a light on how they view the cybersecurity measures adopted by their countries and organizations. To glean better insight into their perceptions of these issues you may want to refer to the full report.

Discussion