News Summary:

  • One in two Asia Pacific SMBs suffered a cyber incident in the last 12 months
  • 51% of those that suffered cyber-attacks said these cost the business US$500,000 or more
  • SMBs are preparing to tackle this, with 81% having simulated cybersecurity incidents in the past 12 months

Small and medium-sized businesses (SMBs) in Asia Pacific are exposed, under attack, and more worried about cybersecurity threats than before, a new study by Cisco shows. According to the study, one in two (56%) SMBs across Asia Pacific suffered a cyber incident in the past year. As a result of these incidents, 75% lost customer information to the hands of malicious actors.

This is making SMBs across the region more apprehensive about cybersecurity risks, with 75% saying they are more worried about cybersecurity now than they were 12 months ago and 84% saying they feel exposed to cyber threats. However, SMBs across the region are not giving up. In fact, the study highlights that they are taking strategic measures like carrying out simulation exercises to improve their cybersecurity posture.

Titled Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense, the study is based on an independent, double-blinded survey of over 3,700 business and IT leaders with cybersecurity responsibilities across 14 markets in Asia Pacific. The survey highlighted that SMBs saw a myriad of ways in which attackers tried to infiltrate their systems. Malware attacks, which affected 85% of SMBs, topped the charts, followed by phishing, with 70% saying they experienced such attacks in the past year.

The number one reason highlighted as the cause of these incidents was cybersecurity solutions not being adequate to detect or prevent the attack. More than a third (39%) of those that suffered incidents ranked this as the top factor. Meanwhile, 33% ranked not having cybersecurity solutions as the number one reason.

These incidents are having a tangible impact on business. More than half (51%) of SMBs in the region that suffered cyber incidents in the past 12 months said that these cost the business US$500,000 or more, with 13% saying that the cost was US$1 million or more.


“The accelerated pace of digitalization over the last 18 months has fueled a critical need for SMBs to invest in solutions and capabilities to ensure they are safeguarding themselves on the cybersecurity front. This is because the more digital they become, the more attractive a target they are for malicious actors. While the growing cybersecurity concerns among SMBs may be seen as negative by some, it is actually an encouraging sign as it demonstrates increased levels of awareness and understanding of cyber risks, which is the first step in improving the security posture,” said Bidhan Roy, Managing Director, Commercial Enterprise & Mid-market Segment, Asia Pacific, Japan & Greater China, Cisco.


Besides the loss of customer data, SMBs that suffered a cyber incident also lost internal emails (62%), employee data (61%), intellectual property (61%), and financial information (61%). In addition, 62% of those that suffered an incident said it disrupted their operations, while 66% admitted it had a negative impact on their reputation and more than half (57%) said it resulted in a loss of customer trust.


Conquering Fear with Preparedness

Cisco’s study found that while SMBs in Asia Pacific are more worried about cybersecurity risks and challenges, they are also taking a planned approach to understand and improve their cybersecurity posture through strategic initiatives. According to the study, 81% of Asia Pacific SMBs have completed scenario planning and/or simulations for potential cybersecurity incidents in the past 12 months and the majority have cyber response (81%) and recovery plans (82%) in place.

Eighty-five percent of respondents who completed scenario planning and/or simulations uncovered weak points or issues in their cyber defenses. Of those that identified weaknesses, 95% revealed issues with not having the right technology in place to detect a cyber-attack or threat. The same number found that they had too many technologies and struggled to integrate them together.

SMBs are also increasingly aware of where their biggest cyber threats come from. The research highlighted that phishing (43% ranked it #1) is seen as the top threat by SMBs across the region. Other top threats to overall security include unsecured laptops (20% ranked #1), targeted attacks by malicious actors (19% ranked #1) and personal devices (12% ranked #1).

The good news is there are generally strong levels of investment by SMBs in cybersecurity. Across the board around three quarters of Asia Pacific SMBs have increased their investment in cybersecurity since the start of the pandemic, with around two in five increasing investments by more than 5%.

These investments are well distributed across areas such as cybersecurity solutions, compliance or monitoring, talent, training, and insurance, suggesting a strong understanding of the need for a multi-faceted and integrated approach to building a strong cyber posture.


“Cybersecurity is evolving rapidly. This is being driven by trends like the expanding attack surface, move to multi-cloud, rise of hybrid work, as well as new security requirements and regulations. It is therefore crucial for businesses, regardless of their size, to not only have the right solutions to detect, block, and remediate any cyber threats but also visibility across their userbase and entire infrastructure. As they embark on their digitalization journeys, SMBs have a unique opportunity to lay the right foundation for their security posture and build their business on a strong foundation of trust,” said Kerry Singleton, Managing Director, Cybersecurity, Asia Pacific, Japan, China, Cisco.


The report highlights five recommendations that organizations of all sizes can employ to improve their cybersecurity posture given the ever-changing landscape. They are: having frequent discussions with senior leaders and all stakeholders, taking a simplified, integrated approach to cybersecurity, staying prepared through conducting real-world simulations, training and educating employees, and working with the right technology partner.


Additional Resources:


# # #


About Report Methodology  

 The COVID-19 pandemic has fueled a critical need to invest in technology solutions and capabilities among organizations of all sizes, at first for survival, and now to thrive in the new normal. This is especially true for SMBs across Asia Pacific. Commissioned by Cisco and conducted by Dynata, the Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense study explores the evolving cybersecurity challenges facing SMBs in the region, how SMB leaders are approaching cyber preparedness, and recommendations for improving it.

The report presents and analyses the findings of a survey of business and IT leaders with cybersecurity responsibilities at over 3,700 SMBs across 14 markets in Asia Pacific. The markets are Australia, China, Hong Kong, India, Indonesia, Japan, New Zealand, Malaysia, Singapore, South Korea, Taiwan, Thailand, the Philippines, and Vietnam.