News Releases4 min read

Fear of cyberattacks delaying digitalization in Asia Pacific

boonchai wedmakawand

-    APAC could miss out on US$145bn in GDP growth in the next decade, according to latest Deloitte Cyber Smartreport commissioned by VMware

-    Singapore, Japan and Australia are most prepared on the Cyber Smart Index that ranks 12 APAC economies on cyber exposure and preparedness

AUSTRALIA – March 31, 2020 — As many as three in five businesses in the Asia Pacific region have put off digitalization plans out of fear of cyberattacks, according to the Deloitte Cyber Smart: Enabling APAC businesses report, commissioned by VMware, a leading innovator in enterprise software. The report analyzes cyber exposure, preparedness and economic opportunity across 12 economies in the region[1].

Digitalization offers game-changing productivity improvements, savings and consumer convenience but businesses and governments must be properly prepared. The growing speed and scope of digital transformation, along with the increasing number of targetable devices, are creating a ‘perfect storm’ for cyberattacks[2]. 48 percent of businesses in the region have experienced security attacks in the past 12 months and as many as 63 percent have experienced business interruption due to a security breach[3].

Effects of an attack can be long lasting and expensive. According to the report, large organizations with more than 500 employees in APAC may stand to lose as much as US$30 million in the event of a cyber breach[4]. Threats can also flow beyond individual organizations affected to broader business networks using ‘island hopping’ tactics.

“As the digital economy continues to grow in each country, so too does the exposure to cyberattacks. Being appropriately prepared can mitigate the risks to organizations and minimize the potential costs of an attack. Based on what we have seen in the region, businesses with an established cyber security strategy in place have confidence to invest in new technologies which can lead to higher levels of capital investment and productivity growth,” said Duncan Hewett, Senior Vice President and General Manager of Asia Pacific and Japan at VMware.

“The challenge for policy makers is to build a comprehensive legislative framework and environment that protects businesses from cybersecurity risks whilst allowing them to innovate and maximize the potential of digital technologies. We see interest from government, business owners, and vertical experts in building a cyber smart Asia Pacific that we estimate can unlock as much as 0.7 percent or US$145 billion additional GDP growth over the next ten years,[5]” said John O’Mahony, Partner and lead author of the research from Deloitte Access Economics in Australia.


Deloitte Cyber Smart Index 2020[6]

The Deloitte Cyber Smart Index 2020 examines the level of cyber risk exposure faced by countries in the region, and the degree of cyber preparedness. Focusing on the inherent exposure to cyberattacks, the Index looks at the size of attack surface, the frequency of attack and value that is at risk. Within the preparedness measure, the Index looks beyond legal and policy environment to examine how businesses can be better prepared for the growing cyber risks.

Singapore tops the rank as both the most prepared and the most exposed country in APAC, with highest rate of ICT penetration in APAC. With sound legal and organizational awareness, Singapore ranks consistently high across all measures of preparedness. Strong cyber legislation, and high rates of R&D are also traits shared by South Korea, Australia, New Zealand, and Japan that ranked high on country preparedness.

Malaysia is ahead of its peers with similarly low level of exposure but strong regulatory cooperation and a comprehensive privacy regime despite less impressive relative organizational capability.

Despite ranking low in exposure (11th), Vietnam experiences the highest frequency of cyberattacks. The lack of comprehensive legislation to deal with data security and privacy means the country is underprepared for cyberattacks. After Vietnam, Thailand experiences the second highest frequency of cyberattacks in the region. The growing use of online devices and interest in cryptocurrencies are expected to worsen Thailand’s exposure to risk.

What governments can do

Cybersecurity executives currently spend 7 percent of their time on regulatory and compliance, and twice the amount of time on cyber monitoring and operations[7]. A safer and lower risk cyber environment can help to redirect their attention to more critical cyber domains. Governments across the region have a range of tools to help organizations better prepare for cyber threats and get their digitalization projects back on track:

    1.   Leading by example

Governments are the fastest growing spenders on security in the region.[8] With critical digital services increasingly central to governments around the region, spending alone is not sufficient. Lawmakers should consider broader governance structures that support any cyber strategy from transformation to compliance to talent recruitment.

    2.  Regulatory harmonization 

Cybercrimes can originate from any part of the world and are often difficult to investigate and prosecute. Regulatory harmonization between sectors facilitates proactive cyber security strategies that contribute to stronger preparedness across the region, and ultimately lead to greater enforcement of local laws—even in foreign jurisdictions.

    3.  Procurement

Government procurement practices have an influence on the broader private sector. By implementing minimum cyber security criteria, there is an opportunity to dentify potential flaws in the sourcing process and reduce overall costs of responding to a cyberattack.

    4.  Reporting

Regional variation in reporting standards increases the regulatory burden on businesses operating in the region. Reporting regulation must ensure companies operate under the best standards of data protection without imposing burdensome restrictions on their day-to-day operations.

    5.  Developing skills

APAC represents the largest regional skills shortage in the world with 2.6 million fewer workers than required.[9] In comparison the second largest shortage found in Latin America which requires another 600,000 workers[10]. This presents tremendous opportunity to implement specialized cyber security training, both those entering higher education and those retraining or upskilling.

For more information about the report, click here.

About Deloitte’s Cyber Smart: Enabling APAC businesses report

Commissioned by VMware, Deloitte’s Cyber Exposure and Preparedness Indexes have been created by Deloitte Access Economics where the research was conducted from September to December 2019. In the exposure index, there are two pillars and six sub-pillars, consisting of 20 unique measures. In the preparedness index there are two pillars and seven sub-pillars, consisting of 23 unique measures. To create this index, Deloitte has drawn on the subjective judgement and experience of seven economists and over 10 cyber experts across the Asia-Pacific. Countries assessed include Australia, India, Indonesia, Malaysia, New Zealand, Japan, Philippines, Singapore, South Korea, Sri Lanka, Thailand, and Vietnam. Please refer to the Technical Appendix within the report for further information.

About VMware

VMware software powers the world’s complex digital infrastructure. The company’s cloud, networking and security, and digital workspace offerings provide a dynamic and efficient digital foundation to customers globally, aided by an extensive ecosystem of partners. Headquartered in Palo Alto, California, VMware is committed to being a force for good, from its breakthrough innovations to its global impact. For more information, please visit


[1] Cyber Smart: Enabling APAC businesses, VMware-Deloitte, March 2020

[2] Cyber Risk in APAC, Marsh and McLennan Companies, 2017  

[3] Telstra Security Report 2019, Telstra, June 2019

[4] Cybersecurity threats to cost organizations in APAC US$1.75 trillion in economic losses, Microsoft, May 2018

[5] Cyber Smart: Enabling APAC businesses, VMware-Deloitte, March 2020

[6] Cyber Smart: Enabling APAC businesses, VMware-Deloitte, March 2020

[7] Cyber Smart: Enabling APAC businesses, VMware-Deloitte, March 2020

[8] Cyber Regulation in APAC: How financial institutions can craft a clear strategy in a diverse region, Deloitte, March 2017

[9] Strategies for building and growing strong cybersecurity teams: cybersecurity workforce study, ISC, November 2019.

[10] Strategies for building and growing strong cybersecurity teams: cybersecurity workforce study, ISC, November 2019.