Only 12% of companies in Asia quantify their financial exposure to cyber threats, less than half the global average of 26% according to a recent study by Microsoft and Marsh. Credit: cyano66 / Getty Images Over two-thirds (69%) of security leaders in Asia are confident about their organization’s cybersecurity resilience, even as 48% also admit that there is still room for improvement, a new joint study by Microsoft and risk advisory firm Marsh has found.The Asian edition of The State of Cyber Resilience report, which had over 660 participants, including CEOs, CISOs, and risk managers, revealed that companies in Asia have experienced a far higher number of privacy breaches (28%) and denial of service attacks (21%) as compared to their global peers (18% and 14% respectively).Companies in Asia perceived privacy breaches or the loss of data as their top security concerns, while globally ransomware was observed as the biggest concern among organizations. As such, data loss is a critical concern that needs to be addressed and factored into cyberrisk management strategies, the report said. Contrary to global standards, only 58% of the respondents in Asia considered ransomware amongst their top cybersecurity concerns. Earlier this year, a report by IBM Security revealed ransomware as the top global attack type, contributing 20% to overall cyberattacks. Phishing and vulnerability exploits were found to be the top infection vectors for ransomware.Companies in Asia have a passive approach to securityThe study also found Asian organizations to have a passive approach to responding to cybersecurity incidents, focused largely on post-mortem evaluation. One in three (34%) organizations in Asia admitted to not having endpoint detection and response, a key insurance requirement. Additionally, 26% of the companies in the region have not made improvements to their devices in the past 12 months, compared to just 9% of organizations globally.More than a third (35%) of respondents in Asia evaluate a new technology for cyberrisks only when a cyberattack or incident has occurred. Also, 62% of the companies in Asia have placed a stronger emphasis on conducting a post-mortem review after an attack in the last 12 months.Asia’s highly contrasting approach has possibly led to a denial or miscalculated stance on its cybersecurity preparedness and calls for an immediate revisiting of security approaches for the region, the report pointed out.“It is worrying to see that 1 in 3 of organizations in Asia do not have endpoint detection and this would place those organizations’ potential insurability on the line. More than ever before, organizations need to place more emphasis on controls to help mitigate their cyberrisks,” said Faizal Janif, head of Asia Pacific cybersecurity advisory services at Marsh Advisory.Companies need to quantify cybersecurity risksThe study added that only 12% of companies in Asia quantify financial exposure to cyberrisk, a key metric while evaluating cyberthreats. This is the least among all geographies and less than half of the global average (26%).When questioned, 80% of respondents reported ‘lack of talent’ and 53% ‘lack of data’ to be the main reasons for such oversight. Moreover, 30% of the respondents pointed to an overall lack of cyberawareness and training in their organizations. Related content news Google launches Google Threat Intelligence at RSA Conference The new addition to Google Cloud Security is designed to give security teams information to inform approaches to protecting against external threats, managing attack surfaces, and mitigating digital risks. By Sascha Brodsky May 06, 2024 4 mins Google Cloud Functions Cloud Security Security Software brandpost Sponsored by Elastic Search + RAG: The 1-2 punch transforming the modern SOC with AI-driven security analytics AI is modernizing how SOCs function, triaging countless alerts down to a handful of attacks that matter most. By Mike Nichols, Product for Security at Elastic May 06, 2024 3 mins Artificial Intelligence how-to Download the Zero Trust network access (ZTNA) enterprise buyer’s guide From the editors of our sister publication Network World, this enterprise buyer’s guide helps network and security IT staff understand what ZTNA can do for their organizations and how to choose the right solution. By Josh Fruhlinger and steve_zurier May 06, 2024 1 min Zero Trust Access Control Network Security news Germany blames Russian hackers for months-long cyber espionage The attacks by Russia-backed Fancy Bear used an Outlook exploit to compromise several German officials’ accounts. By Shweta Sharma May 06, 2024 4 mins Advanced Persistent Threats Hacker Groups PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe