Cybersecurity and the Board: Perspectives from Asia

As the digital landscape continues to evolve at an unprecedented pace, businesses face heightened exposure to cyber threats, necessitating a proactive approach to cyber risk management.

In our recent directors and officers’ risk survey conducted across over 40 countries – including the Asia region – we gathered responses from directors and risk managers to shed light on what their approaches were towards cyber risk governance, incident response and preparedness, and cyber insurance.

Our survey findings underscored the below key themes:

1. 01

   Persistent threats

   Cyber-attacks and data loss maintain their positions as top concerns for directors and officers emphasizing the critical need for organizations to develop robust cyber risk management strategies.

2. 02

   Heightened board oversight

   There is a discernible increase in board and CEO focus on overseeing and managing cyber risk issues, accompanied by more frequent reporting on cybersecurity and the evolving threat landscape.

3. 03

   Strategic investments

   Organizations are poised to allocate increased budgets to cybersecurity over the next year, reflecting the recognition of the dynamic risk environment and the imperative to invest in people, processes, and technology.

4. 04

   Enhanced preparedness

   Businesses express growing confidence in their ability to manage cyber incidents effectively, recognizing the indispensable role of comprehensive and tested response plans in mitigating financial and reputational impacts.

5. 05

   Emergence of cyber insurance

   Cyber insurance remains a vital component of organizations' cyber risk management strategies, with an increasing number of respondents considering its implementation. Cyber insurance offers financial mitigation and access to resources and expertise in responding to cyber incidents.

The regional findings for Asia showed that Cyber attacks (including cyber extortion) was ranked second most important risk, a close second after Health and safety, and Data loss in at third most important risk.

In terms of who at the organization sponsors cyber risk management strategy: 38% of our Asia-based clients reported the board or CEO sponsored cyber risk management strategies, closely followed by 35% reporting it was a senior leadership group that sponsored this.

On the topic of cyber incident response and preparedness, 79% of our Asia-based respondents had completed a cyber table-top exercise in the last 12 months, with 54% noting that they felt the organization was well/very well prepared to manage cyber incident effectively.

Regarding cyber insurance, 45% of respondents had cyber insurance in place with 32% of respondents planning to purchase it in the next two years.

Key trends garnered from our survey findings include:

• Organizations are making strategic investments in cybersecurity (including Cyber Insurance): they are allocating sufficient resources and budget towards enhancing cybersecurity measures to effectively manage the growing financial risks associated with cyber-attacks.
• Organizations are strengthening incident response plans to increase board confidence that the organization is equipped and prepared in handling cyber incidents efficiently and effectively – cyber insurance is a valuable partner in facilitating such incident response protocols.
• Organizations are investing in Cyber Insurance. Recent global IT-related events and the constant stream of cyber news headlines have highlighted the dependency we have on technology yet also the unseen fragility of technology supply chains. Despite best efforts of countering risk, it is simply impossible to prevent against every event or cater for every vulnerability. Cyber insurance serves as critical part of enterprise risk management, ensuring financial protection for the cost of managing and recovering from cyber-related perils.

But how do you start? Where do you go to obtain a quote? What should you look for in coverage? How much insurance do you need? All these questions and more can be addressed in a 30-minute free consultation with one of our cyber broking specialists.