News Summary:
- 65% Thai SMBs suffered a cyber incident in the last 12 months
- 47% of those that suffered cyber-attacks said these cost the business US$500,000 or more
- SMBs are preparing to tackle this, with 95% having simulated cybersecurity incidents in the past 12 months
Small and medium-sized businesses (SMBs) in Thailand are exposed, under attack, and more worried about cybersecurity threats than before, a new study by Cisco shows. According to the study, 65% SMBs in Thailand suffered a cyber incident in the past year. As a result of these incidents, 76% lost customer information to the hands of malicious actors.
This is making SMBs more apprehensive about cybersecurity risks, with 76% saying they are more worried about cybersecurity now than they were 12 months ago, and 97% saying they feel exposed to cyber threats. However, SMBs across the region are not giving up. In fact, the study highlights that they are taking strategic measures like carrying out simulation exercises to improve their cybersecurity posture.
Titled Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense, the study is based on an independent, double-blinded survey of over 3,700 business and IT leaders with cybersecurity responsibilities across 14 markets in Asia Pacific, including 153 respondents in Singapore. The survey highlighted that SMBs saw a myriad of ways in which attackers tried to infiltrate their systems. Malware attacks, which affected 91% of SMBs in Thailand, topped the charts, followed by phishing, with 77% saying they experienced such attacks in the past year.
Nearly half (49%) of SMBs in Thailand that suffered a cyber-attack highlighted cybersecurity solutions not being adequate to detect or prevent the attack as the number one reason for these incidents. Meanwhile, 25% attributed not having cybersecurity solutions in place as the top factor.
These incidents are having a tangible impact on business. Nearly half (47%) of SMBs in Thailand that suffered cyber incidents in the past 12 months said these cost the business US$500,000 or more, with 28% saying that the cost was US$1 million or more.
“SMBs across Thailand have increased their pace of digitization over the past 18 months. This has been driven by the fact that have been able to leverage technology to continue to operate and serve their customers even as they tackled the implications of the pandemic. Their digitization has in turn fueled a critical need for SMBs to invest in solutions and capabilities to ensure they are safeguarding themselves on the cybersecurity front. This is because the more digital they become, the more attractive a target they are for malicious actors,” said Padd Chantaraseno, Managing Director, Cisco Thailand.
Besides the loss of customer data, SMBs in Thailand that suffered a cyber incident also lost employee data (69%), internal emails (65%), intellectual property (53%), and financial information (57%), sensitive business information (49%). In addition, 56% of those that suffered an incident said it disrupted their operations.
Disruptions caused by cyber incidents can have serious implications for SMBs. Over eight in 10 (81%) SMBs in Thailand said that a downtime of anything more than an hour results in severe operational disruption, and 86% said it would result in loss of revenue. Further, 29% said a downtime of more than a day would result in a permanent closure of their organization.
The scale of the challenge is highlighted by the fact that only 13% of respondents in Thailand said they were able to detect a cyber incident within an hour. The number of those that were able to remediate a cyber incident within an hour is even lower at 7%.
“We are living in a world where customers seek instant gratification. They no longer have the patience for lengthy downtimes. It is critical for SMBs to be able to detect, investigate, and block or remediate any cyber incident in the shortest time possible. To be able to do that, they need solutions that are easy to deploy and use, integrate well with each other, and help them automate capabilities like detection, blocking, and remediation of cyber incidents. In addition, they need clear visibility across their entire IT infrastructure including their cloud and ‘as a service’ deployments, and take a platform approach to cybersecurity,” said Juan Huat Koo, Director Cybersecurity, Cisco ASEAN
Conquering Fear with Preparedness
Cisco’s study found that while SMBs in Thailand are more worried about cybersecurity risks and challenges, they are also taking a planned approach to understand and improve their cybersecurity posture through strategic initiatives. According to the study, 95% of Thai SMBs have completed scenario planning and/or simulations for potential cybersecurity incidents in the past 12 months, and the majority have cyber response (92%) and recovery plans (88%) in place.
Eighty-five percent of respondents who completed scenario planning and/or simulations uncovered weak points or issues in their cyber defenses. Of those that identified weaknesses, 94% said they found they did not have the right technology in place to detect a cyber-attack or threat.
SMBs are also increasingly aware of where their biggest cyber threats come from. The research highlighted that phishing (35% ranked #1) is seen as the top threat by SMBs in Thailand. Other top threats to overall security include targeted attacks by malicious actors (26% ranked #1), use of personal devices (20% ranked #1), and unsecured laptops (13% ranked #1).
The good news is there are generally strong levels of investment by SMBs in cybersecurity. Across the board, 89% of Thai SMBs have increased their investment in cybersecurity since the start of the pandemic, with 52% increasing investment by more than 5%. These investments are well distributed across areas such as cybersecurity solutions, compliance or monitoring, talent, training, and insurance, suggesting a strong understanding of the need for a multi-faceted and integrated approach to building a strong cyber posture.
“Cybersecurity is evolving rapidly. This is being driven by trends like the expanding attack surface, move to multi-cloud, rise of hybrid work, as well as new security requirements and regulations. As they embark on their digitalization journeys, SMBs have a unique opportunity to lay the right foundation for their security posture and build their business on a strong foundation of trust,” said Kerry Singleton, Managing Director, Cybersecurity, Asia Pacific, Japan, China, Cisco.
The report highlights five recommendations that organizations of all sizes can employ to improve their cybersecurity posture given the ever-changing landscape. They are: having frequent discussions with senior leaders and all stakeholders, taking a simplified, integrated approach to cybersecurity, staying prepared through conducting real-world simulations, training and educating employees, and working with the right technology partner.
–Ends–
Additional Resources:
- Read the Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense report
- Learn more about your local data
- For a deeper dive, read the global Cisco 2021 Security Outcomes Study for SMBs
About Report Methodology
The COVID-19 pandemic has fueled a critical need to invest in technology solutions and capabilities among organizations of all sizes, at first for survival, and now to thrive in the new normal. This is especially true for SMBs across Asia Pacific. Commissioned by Cisco and conducted by Dynata, the Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense study explores the evolving cybersecurity challenges facing SMBs in the region, how SMB leaders are approaching cyber preparedness, and recommendations for improving it.
The report presents and analyses the findings of a survey of business and IT leaders with cybersecurity responsibilities at over 3,700 SMBs across 14 markets in Asia Pacific. The markets are Australia, China, Hong Kong, India, Indonesia, Japan, New Zealand, Malaysia, Singapore, South Korea, Taiwan, Thailand, the Philippines, and Vietnam.