The new cyber risk landscape

Confidence in the face of increasing risk

The Mazars C-suite barometer 2021 takes the pulse of over 1,000 C-suite executives from 39 countries and around 200 executives from 10 countries in the Asia-Pacific (APAC) region.

Globally, most businesses are confident in their ability to manage cyber risks: over two thirds (68%) feel their data is ‘completely’ protected and a further 29% say their data is ‘partially’ protected.

In APAC, three in four (74%) business leaders feel that their data maturity is higher than their competitors’. Furthermore, two in three (67%) say their business’ data is fully protected, in line with the global average.

C-suite insights

Global

• 54%

  Over half of respondents believe the cyber security risk to their organisation has increased over the past 12 months.

• 35%

   More than a third think a significant data breach in the next 12 months is likely.

• 68%

   Over two-thirds are confident their data is completely protected. A further 29% say their data is partially protected.

APAC

• 55%

  Over half of APAC C-suites feel that cyber security risk to their organisation has increased over the past 12 months.

• 38%

  More than a third expect a significant data breach within the next 12 months.

• 67%

  Over two-thirds are confident their data is fully protected, in line with global average.

A new cyber risk landscape

This confidence is encouraging, especially as these leaders also acknowledge the cyber security risks to their businesses have increased, and just over a third consider a significant data breach in the coming year likely.

Our C-suite research was conducted in late 2021, prior to the shocking invasion of Ukraine by Russian forces. We have seen devastation in many forms, and cyber attacks are part of the hostilities of this conflict. The crisis in Ukraine has elevated cyber risks across the globe, and we urge businesses of all sizes to assess and improve their cyber security measures based on the new risk landscape. Specific actions to be considered include:

1. Organise cyber risk management and resilience

• Increase awareness of phishing attacks and take measures such as warnings for email from outside of your organisation.
• Review your existing and future state cyber risk landscape via acknowledging your cyber risks, threats and dependencies
• Consider network segmentation-based internet connections and processes in relation to countries with high geo-political tension.
• Assess your IT service providers regarding cyber risks. Understand the consequences of cyber risks in your value and supply chain

2. Monitor, detect and communicate

• Introduce stricter monitoring and detection of anomalies in web applications and networks
• Organise communication and information sources regarding new cyber risks and vulnerabilities
• Undertake frequent reporting to the responsible management on cybersecurity / threats monitoring and detection
• Last, but not least, perform regular cyber security assessments and penetration tests on the internet-facing applications and internal network.

3. Prepare incident response

• Assess your cyber incident response procedures and be prepared for recovery following cyber incidents
• Assess your communication plans in case of a cyber incident. Be sure you have off-line lists of your contacts - including insurers, suppliers, external security specialists and legal/government agencies - and all the relevant procedures
• Make sure your backup procedure is working and keep backups off-line
• Backup not only data and software but also all data and assets necessary to recover your system, like configuration data. This also requires an actual insight in all IT related assets.

Cyber risks in Singapore

Cybersecurity threats have been looming on the horizon prior to the current crisis. Between 2020 and 2021, Singapore observed a 73 percent increaseⁱ in data breach and ransomware incidents.

While there are currently no specific threats to Singapore organisations in relation to the recent global events, business leaders are encouraged to take immediate steps to reinforce their cybersecurity posture, boost their technology investments and bolster their online defences.

As Singapore accelerates digitalisation, cyber criminals will find new and innovative ways to defeat security measures. No matter how well protected a business is, it’s likely a cyber-attack will affect them at some point: having a recovery plan to minimise the disruption and impact on your business is vital.

[i]Yahoo News Singapore, March 2022.