Walk down the streets of Jakarta or Jaipur, and you will be sure to see people browsing the latest news or streaming their favorite shows on their portable devices. This is no surprise since Asia Pacific is home to the world’s largest population of Internet users, bolstered by a strong mobile movement and a thriving millennial population.

With the surge of connected devices in recent years comes along cybersecurity vulnerabilities; Asia faces tremendous security threats that prove to be more costly than its global counterparts. In 2015 alone, cyberattacks cost Asian companies more than US$81 billion—far exceeding North America and Europe combined by US$20 billion[1].

What is creating the cybersecurity divide between Asia Pacific and the rest of the world? Let us explore some of the factors that are playing a critical role in shaping Asia’s State of Security.

Investing smart trumps investing much  

According to Frost & Sullivan, only 4.3 percent of Asian organizations believe that they are resilient to withstand cyberattacks, hinting to the lack of confidence of the majority when it comes to their cybersecurity maturity level. Yet this is not due to any lack of cybersecurity initiatives. On the contrary, almost four of every five Asian organizations are in fact employing 24/7 threat monitoring.

Rather than not investing enough into cybersecurity, statistics are instead pointing towards organizations not maximizing the potential of their cybersecurity investments. About half of Asian organizations investing in cybersecurity are doing so in ways that are reactive—not proactive—to threats. In addition, some are investing in several silo security tools that are unable to integrate or interoperate with one another, thus limiting the effectiveness of their cybersecurity strategy[2].

The dearth of cyber talent

While threat prevention is critical, organizations can never be completely safe from cybersecurity breaches. As such, having a robust cybersecurity team to effectively manage threats goes a long way in minimizing the occurrence of breaches—ultimately protecting an organization’s most important assets. 

But, as straightforward as it may sound, the world is facing a talent crunch in cybersecurity. This is especially so in Asia Pacific. A recent study by consultancy firm Oliver Wyman found that 74 percent of Asian organizations find it “difficult or extremely difficult” to recruit cyber talent, a big reason why they take almost twice the time of global standards to discover a breach[3]. Some governments have decided to take this matter into their own hands. For example, Singapore is investing in research laboratories and education[4] to groom future cybersecurity talents, while Japan has set up cybersecurity training centers[5] to boost their existing cybersecurity talent pool.

Gradual yet steady support from the government

With recent cyberattacks like WannaCry crippling national agencies such as National Health Service of England and State Governments of India, governments are starting to feel the importance of cybersecurity. More importantly, many are taking pivotal steps to strengthen nations’ capacity against cyberattacks.

On July 10 in Singapore, the Ministry of Communications and Information (MCI) and the Cyber Security Agency (CSA) released the Cybersecurity Bill as part of its larger cybersecurity strategy that was launched last year as part of the Smart Nation Initiative. Prior to the Cybersecurity Bill, there was no overarching cybersecurity legislation in Singapore. The Bill is a critical piece of Singapore’s effort to ensure a resilient and secure infrastructure that protects personal data and information, and to create a safe and conducive environment online. Public consultation on the Bill closes on August 3.

In China, the government is implementing a cybersecurity law aimed at protecting sensitive data of Chinese citizens. On the other hand, the Indian government is more focused on securing IT infrastructure with their National Cyber Security Policy introduced in recent years. While the journey to close the cybersecurity gap will not be easy, it is still heartening to see a growing number of regional platforms such as RSA® Conference offering dedicated platforms to drive discussions around the government’s role in building cyber resilience. Ultimately, this will help spur such concerted efforts across Asia Pacific as they seek to catch up with their global counterparts.

Amid the spate of recent cyberattacks, the importance of cybersecurity can no longer be understated; what works best for some organizations may not be for others. That is why investing in cybersecurity needs careful consideration, where quality of investments trumps quantity, to properly bridge the gap. Only then, can we start discussing cyber security issues on regional and international platforms that go beyond the hows and into the whys.