Only 12% of companies in Asia quantify their financial exposure to cyber threats, less than half the global average of 26% according to a recent study by Microsoft and Marsh. Credit: cyano66 / Getty Images Over two-thirds (69%) of security leaders in Asia are confident about their organization’s cybersecurity resilience, even as 48% also admit that there is still room for improvement, a new joint study by Microsoft and risk advisory firm Marsh has found.The Asian edition of The State of Cyber Resilience report, which had over 660 participants, including CEOs, CISOs, and risk managers, revealed that companies in Asia have experienced a far higher number of privacy breaches (28%) and denial of service attacks (21%) as compared to their global peers (18% and 14% respectively).Companies in Asia perceived privacy breaches or the loss of data as their top security concerns, while globally ransomware was observed as the biggest concern among organizations. As such, data loss is a critical concern that needs to be addressed and factored into cyberrisk management strategies, the report said. Contrary to global standards, only 58% of the respondents in Asia considered ransomware amongst their top cybersecurity concerns. Earlier this year, a report by IBM Security revealed ransomware as the top global attack type, contributing 20% to overall cyberattacks. Phishing and vulnerability exploits were found to be the top infection vectors for ransomware.Companies in Asia have a passive approach to securityThe study also found Asian organizations to have a passive approach to responding to cybersecurity incidents, focused largely on post-mortem evaluation. One in three (34%) organizations in Asia admitted to not having endpoint detection and response, a key insurance requirement. Additionally, 26% of the companies in the region have not made improvements to their devices in the past 12 months, compared to just 9% of organizations globally.More than a third (35%) of respondents in Asia evaluate a new technology for cyberrisks only when a cyberattack or incident has occurred. Also, 62% of the companies in Asia have placed a stronger emphasis on conducting a post-mortem review after an attack in the last 12 months.Asia’s highly contrasting approach has possibly led to a denial or miscalculated stance on its cybersecurity preparedness and calls for an immediate revisiting of security approaches for the region, the report pointed out.“It is worrying to see that 1 in 3 of organizations in Asia do not have endpoint detection and this would place those organizations’ potential insurability on the line. More than ever before, organizations need to place more emphasis on controls to help mitigate their cyberrisks,” said Faizal Janif, head of Asia Pacific cybersecurity advisory services at Marsh Advisory.Companies need to quantify cybersecurity risksThe study added that only 12% of companies in Asia quantify financial exposure to cyberrisk, a key metric while evaluating cyberthreats. This is the least among all geographies and less than half of the global average (26%).When questioned, 80% of respondents reported ‘lack of talent’ and 53% ‘lack of data’ to be the main reasons for such oversight. Moreover, 30% of the respondents pointed to an overall lack of cyberawareness and training in their organizations. Related content news Iranian hackers harvest credentials through advanced social engineering campaigns Mandiant observed several malicious campaigns with threat actors impersonating journalists and harvesting the victim’s cloud environment credentials. By Shweta Sharma May 02, 2024 4 mins Hacker Groups Social Engineering news Dropbox Sign hack exposed user data, raises security concerns for e-sign industry The names and email addresses of those customers were also exposed who had never created an account with Dropbox Sign but had “received or signed a document through Dropbox Sign.” By Gyana Swain May 02, 2024 5 mins Data Breach news UnitedHealth hack may impact a third of US citizens: CEO testimony Despite paying a $22 million ransom in Bitcoin to regain access to encrypted files, the company cannot confirm whether copies of the data were made or published online. By Prasanth Aby Thomas May 02, 2024 4 mins Data Breach Ransomware Hacking news Most interesting products to see at RSAC 2024 Tools, platforms, and services that the CSO team recommends 2024 RSA Conference attendees check out. By CSO Staff May 02, 2024 6 mins RSA Conference Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe