One Key Element to Protecting Your Organization from Cyber Crime
Transparency Trends in Asia
We argue that there is still a lack of transparency in Asia that reduces visibility about the level and frequency of cyber attacks, resulting in the perception that cyber threat is lower in Asia than it actually is. That, in turn, leads to insufficient investment in cybersecurity among corporations and erodes the urgency for tighter cybersecurity among regulators.
The degree to which Asia lags behind the rest of the world is highlighted in recent research, which found the median time between a breach and its discovery for Asian organizations is almost double the global average—172 versus 99 days.
Underpinning the region’s transparency issue is its lack of data breach notification laws—which typically require companies that are compromised to inform regulators and stakeholders and take steps to remediate or face a heavy penalty, with the exception of Japan, Australia, South Korea and the Philippines, for example. In some countries, breach notification may be industry-specific; for example, the Monetary Authority of Singapore requires financial institutions to notify them of any breach of security or confidentiality of customer information, or any events that can potentially lead to prolonged service disruption.
This indicates that some governments and policymakers have yet to recognize the importance of transparency in the battle against cyberattacks, which shrouds perceptions and influences the behavior of corporations, resulting in inaction or inadequate mitigation efforts.
Detailed and clear data breach notification laws, supported by enforcement, and a culture of compliance within organizations are critical to improving transparency and improved risk mitigation.
Although this breaks the opacity that most organizations would prefer, such legislation keeps companies accountable to their stakeholders, allowing them to protect their reputations and also minimize losses that could result directly and indirectly from breaches in the cyber architecture.
Another challenge that Asian governments face is that even when willing to put in place legislation to ensure transparency, they have been slow in doing so, compared to the rapid pace of digital transformation in Asia. This is in contrast to the West, where digital progress was slightly more incremental and allowed regulators somewhat more time to adapt, assess and implement necessary safeguards.
The views expressed in these articles are those of the authors and do not necessarily reflect the views of the Asian Development Bank, its management, its Board of Directors, or its members.