Only 12% of companies in Asia quantify their financial exposure to cyber threats, less than half the global average of 26% according to a recent study by Microsoft and Marsh. Credit: cyano66 / Getty Images Over two-thirds (69%) of security leaders in Asia are confident about their organization’s cybersecurity resilience, even as 48% also admit that there is still room for improvement, a new joint study by Microsoft and risk advisory firm Marsh has found.The Asian edition of The State of Cyber Resilience report, which had over 660 participants, including CEOs, CISOs, and risk managers, revealed that companies in Asia have experienced a far higher number of privacy breaches (28%) and denial of service attacks (21%) as compared to their global peers (18% and 14% respectively).Companies in Asia perceived privacy breaches or the loss of data as their top security concerns, while globally ransomware was observed as the biggest concern among organizations. As such, data loss is a critical concern that needs to be addressed and factored into cyberrisk management strategies, the report said. Contrary to global standards, only 58% of the respondents in Asia considered ransomware amongst their top cybersecurity concerns. Earlier this year, a report by IBM Security revealed ransomware as the top global attack type, contributing 20% to overall cyberattacks. Phishing and vulnerability exploits were found to be the top infection vectors for ransomware.Companies in Asia have a passive approach to securityThe study also found Asian organizations to have a passive approach to responding to cybersecurity incidents, focused largely on post-mortem evaluation. One in three (34%) organizations in Asia admitted to not having endpoint detection and response, a key insurance requirement. Additionally, 26% of the companies in the region have not made improvements to their devices in the past 12 months, compared to just 9% of organizations globally.More than a third (35%) of respondents in Asia evaluate a new technology for cyberrisks only when a cyberattack or incident has occurred. Also, 62% of the companies in Asia have placed a stronger emphasis on conducting a post-mortem review after an attack in the last 12 months.Asia’s highly contrasting approach has possibly led to a denial or miscalculated stance on its cybersecurity preparedness and calls for an immediate revisiting of security approaches for the region, the report pointed out. “It is worrying to see that 1 in 3 of organizations in Asia do not have endpoint detection and this would place those organizations’ potential insurability on the line. More than ever before, organizations need to place more emphasis on controls to help mitigate their cyberrisks,” said Faizal Janif, head of Asia Pacific cybersecurity advisory services at Marsh Advisory.Companies need to quantify cybersecurity risksThe study added that only 12% of companies in Asia quantify financial exposure to cyberrisk, a key metric while evaluating cyberthreats. This is the least among all geographies and less than half of the global average (26%).When questioned, 80% of respondents reported ‘lack of talent’ and 53% ‘lack of data’ to be the main reasons for such oversight. Moreover, 30% of the respondents pointed to an overall lack of cyberawareness and training in their organizations. Related content news Bug in EmbedAI can allow poisoned data to sneak into your LLMs The vulnerability can be used to deceive a user into inadvertently uploading and integrating incorrect data into the application’s language model. By Shweta Sharma May 31, 2024 3 mins Generative AI Vulnerabilities news OpenAI accuses Russia, China, Iran, and Israel of misusing its GenAI tools for covert Ops OpenAI’s generative AI tools were used to create and post propaganda content on various geo-political and socio-economic issues across social media platforms, the company said. By Gyana Swain May 31, 2024 4 mins Generative AI news Okta alerts customers against new credential-stuffing attacks Hackers are using credential-stuffing to attack endpoints that are used to support the cross-origin authentication feature. By Shweta Sharma May 31, 2024 4 mins Identity and Access Management Vulnerabilities feature 3 reasons users can’t stop making security mistakes — unless you address them Understanding what’s behind employee security mistakes can help CISOs make meaningful adjustments to their security awareness training strategies. By Ariella Brown May 31, 2024 5 mins Data Breach Risk Management PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe