Only 12% of companies in Asia quantify their financial exposure to cyber threats, less than half the global average of 26% according to a recent study by Microsoft and Marsh. Credit: cyano66 / Getty Images Over two-thirds (69%) of security leaders in Asia are confident about their organization’s cybersecurity resilience, even as 48% also admit that there is still room for improvement, a new joint study by Microsoft and risk advisory firm Marsh has found.The Asian edition of The State of Cyber Resilience report, which had over 660 participants, including CEOs, CISOs, and risk managers, revealed that companies in Asia have experienced a far higher number of privacy breaches (28%) and denial of service attacks (21%) as compared to their global peers (18% and 14% respectively).Companies in Asia perceived privacy breaches or the loss of data as their top security concerns, while globally ransomware was observed as the biggest concern among organizations. As such, data loss is a critical concern that needs to be addressed and factored into cyberrisk management strategies, the report said. Contrary to global standards, only 58% of the respondents in Asia considered ransomware amongst their top cybersecurity concerns. Earlier this year, a report by IBM Security revealed ransomware as the top global attack type, contributing 20% to overall cyberattacks. Phishing and vulnerability exploits were found to be the top infection vectors for ransomware.Companies in Asia have a passive approach to securityThe study also found Asian organizations to have a passive approach to responding to cybersecurity incidents, focused largely on post-mortem evaluation. One in three (34%) organizations in Asia admitted to not having endpoint detection and response, a key insurance requirement. Additionally, 26% of the companies in the region have not made improvements to their devices in the past 12 months, compared to just 9% of organizations globally.More than a third (35%) of respondents in Asia evaluate a new technology for cyberrisks only when a cyberattack or incident has occurred. Also, 62% of the companies in Asia have placed a stronger emphasis on conducting a post-mortem review after an attack in the last 12 months.Asia’s highly contrasting approach has possibly led to a denial or miscalculated stance on its cybersecurity preparedness and calls for an immediate revisiting of security approaches for the region, the report pointed out.“It is worrying to see that 1 in 3 of organizations in Asia do not have endpoint detection and this would place those organizations’ potential insurability on the line. More than ever before, organizations need to place more emphasis on controls to help mitigate their cyberrisks,” said Faizal Janif, head of Asia Pacific cybersecurity advisory services at Marsh Advisory.Companies need to quantify cybersecurity risksThe study added that only 12% of companies in Asia quantify financial exposure to cyberrisk, a key metric while evaluating cyberthreats. This is the least among all geographies and less than half of the global average (26%).When questioned, 80% of respondents reported ‘lack of talent’ and 53% ‘lack of data’ to be the main reasons for such oversight. Moreover, 30% of the respondents pointed to an overall lack of cyberawareness and training in their organizations. Related content feature Looking outside: How to protect against non-Windows network vulnerabilities Security administrators who work in Windows-based environments should heed the lessons inherent in recent vulnerability reports. By Susan Bradley Apr 25, 2024 7 mins Windows Security Network Security Security Practices brandpost Sponsored by Palo Alto Networks Cloud security teams: What to know as M&A activity rebounds in 2024 Direct visibility is critical in M&A, and cloud-native application protection platforms (CNAPP) are ideal to provide this capability. By Amol Mathur, SVP & GM of Prisma Cloud, Palo Alto Networks Apr 25, 2024 4 mins Cloud Security news Salt Security adds defense against OAuth attacks The new offering is designed to mitigate vulnerabilities and misconfigurations associated with the open authentication (OAuth) authorization framework. By Shweta Sharma Apr 25, 2024 3 mins Authentication Security Software news Cisco urges immediate software upgrade after state-sponsored attack Hackers exploited previously undetected vulnerabilities in Cisco’s Adaptive Security Appliances — a product that combines multiple cybersecurity functions. By Prasanth Aby Thomas Apr 25, 2024 3 mins Vulnerabilities PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe