SINGAPORE -- Countries in the Association of Southeast Asian Nations remain a prime target for cyberattacks as the region becomes more closely linked through trade, capital flows and technology, making it more prone to complex cyberattacks, including state-sponsored activity from North Korea, according to a report by global management consulting firm A.T. Kearney.
ASEAN countries are also being used as launchpads for cyberattacks, the report said. Among the ASEAN countries, Malaysia, Indonesia and Vietnam remain global hotspots for the launch of malware attacks. Vietnam registered 1.68 million Internet Protocol blocks from December 2015 to November 2016. In 2016, it was ranked fifth among the world's top countries from which attacks against "internet of things" devices originated. As a result, top companies from ASEAN could lose $750 billion in market capitalization, the report said.
ASEAN is the world's seventh-largest market, with a combined gross domestic product of more than $2.7 trillion. The report noted that the region is also "strategically positioned" to capture trade with other economic powerhouses, both geographically and diplomatically. Trade with China alone is expected to reach $1 trillion by 2020.
With the threat increasing, ASEAN's cybersecurity spending is set to rise. In 2017 alone, ASEAN's cybersecurity spend was estimated at $1.9 billion. It is expected to grow by double-digits to $5.45 billion up to 2025. But the region still remains vulnerable to attacks, as it is relatively underinvested compared to other regions.
Among the ASEAN nations, Singapore took the top spot for having the highest cybersecurity spend, at 0.22% of its GDP, making it the sole country in the region ahead of the global spend of 0.13% of GDP for 2017. It was followed by Malaysia and Thailand, at 0.08% and 0.05% respectively. Overall ASEAN as a region spends 0.06% of GDP on cybersecurity.
The report also warned that ASEAN's cybersecurity resilience remains low, "particularly around policy, governance and cybersecurity capabilities."
"The absence of a unifying regional governance framework makes it difficult to collaborate and share intelligence within and across countries," it said. "Businesses have also underestimated the value-at-risk, resulting in a lack of adequate spending on cybersecurity," it added.
The shortage of skilled talent could also have an impact on cybersecurity. "Security leaders are likely to face a shortage of skilled and qualified cybersecurity professionals to implement their cybersecurity agenda," the report said.
To combat these issues, the report suggested that encouraging innovation in cybersecurity through partnerships with global IT vendors and greater mobility of talent "could generate significant gains for the region."