Technology & Innovation

Sharing the blame

July 21, 2014

Global

July 21, 2014

Global
Charles Ross

Asia editorial director

Charles Ross is Principal of Policy and Insights in Asia-Pacific and leads the region's technology and society practice. Prior to this role, he was editorial director for The Economist Intelligence Unit overseeing all thought leadership research in Asia. Charles combines a deep understanding of how technology trends are reshaping business and society with excellent research and editorial skills, to create impactful and award-winning research programmes for clients. Charles is currently based in Australia and has led many projects analysing the implications for business of new technology trends such as blockchain, fintech, smart cities, cloud computing, sustainability and the internet of things, for Google, Stripe, SAP, Telstra, Microsoft, Prudential, Westpac and the Singapore government. He is a contributing industry expert to the UN Science Policy and Business Forum on the Environment and a frequent speaker at finance and technology events across the region. Charles holds a master of business administration, focusing on strategy and organisational change, from the University of Oxford and a certificate in public policy analysis from the London School of Economics and Political Science.

Contact

A recent survey on data security by the Economist Intelligence Unit (EIU) shows that while governments try to work together to develop effective regulation to prevent data security breaches, the onus is on companies to collaborate to minimise their damage.

An executive summary of the findings can be read here.

Hampered by fragmented legislative environments, governments across Asia are finding it difficult to harmonise regulations covering data usage or provide consistent guidance to companies on how to deal with security breaches. Their own behaviour towards security breaches doesn’t make them the best role models for companies either. Revelations about the mass surveillance carried out by Western intelligence agencies made by Edward Snowden, a contractor to America’s National Security Agency (NSA), highlighted the widespread breaches which governments themselves are instigating. This has created an air of mistrust toward governments that continues today, taking us further from the collaboration required to deal with the escalating cyber security problem.

So while regulation will take some time to catch up and governments hopefully resolve their own complicity in compromised data security, the EIU survey of 200 senior executives across Asia has shown that companies can mitigate some of the damage from data security breaches by disclosing them when they happen.

But they need to act quickly, as the occurrence of data breaches is alarmingly high, with only 35% of firms confident that they haven’t experienced a breach in the last 12 months. This is not surprising, as barely a day goes by without another revelation in the press describing yet another high profile data security breach. In Defending the digital frontier a cyber-security special report published by The Economist recently, America’s president, Barack Obama, was quoted as saying that cyberthreats “pose one of the gravest national-security dangers” the country is facing.

Despite this apparent failure to protect data, firms are not blaming their IT systems. Rather, the high level of reported trust in their organisation’s IT (expressed by 85% of respondents) illustrates acceptance of the reality that data breaches are going to occur regardless of the quality of companies’ IT systems. The Heartbleed bug, a newly discovered security vulnerability that puts users’ passwords at many popular websites at risk, is a recent reminder that all IT systems are vulnerable to attack. With this in mind, companies are looking at ways of proactively taking the lead in limiting the damage when breaches do take place.

The Economist cyber-security special report suggests that companies need to be more vigilant and deploy better defences against attacks, but how effective this approach will be is unclear . What is clear is that they must do so: almost 40% of firms in Asia report significant economic loss as a result of data security issues. Driven by this, companies are increasingly looking to collaborate to minimise the impact of such breaches, particularly when they see the positive reputational benefit that disclosure and collaboration can bring.

Companies have the opportunity to work together to limit the effects of cyber attacks and compromised data security, while showing the public that they are open and honest about the issue. If they are successful, then the question an increasingly frustrated public will ask is why can’t governments do the same? 

 

The views and opinions expressed in this article are those of the authors and do not necessarily reflect the views of The Economist Intelligence Unit Limited (EIU) or any other member of The Economist Group. The Economist Group (including the EIU) cannot accept any responsibility or liability for reliance by any person on this article or any of the information, opinions or conclusions set out in the article.

Enjoy in-depth insights and expert analysis - subscribe to our Perspectives newsletter, delivered every week