In today’s era, data is king. It is a treasure trove of information that can provide customer insights, inform strategies, and even shape top-level business decisions — which makes Malaysia’s proneness to criminal data breaches that much more worrying.
To shed some light on how grave the situation has become, we need only look at one half of the previous year. Malaysia experienced an alarming 730 per cent increase in breached accounts between the first and second quarter of the year alone, making us the 11th most breached country in the world.
Despite multiple reported breaches amounting to hundreds of gigabytes of data, local businesses (particularly startups and SMEs) still lack cybersecurity awareness and the appropriate security measures to fend off these malicious attacks. Many assume they are unlikely targets due to their smaller size, or fail to fully understand the gravity of cyberattacks beyond how it will affect their customers.
Big-picture statistics aside, what do cybersecurity breaches mean for our businesses on a real, everyday scale?
#1: Steep losses to cover damage control and compensation
Ransomware — a malicious software attack that restricts access to critical systems or threatens to leak sensitive data until a monetary ransom is paid off — emerged as one of the most pertinent cyberattacks in Malaysia last year. Even if the demands are met, however, only 10% of companies get their data back in totality. The remaining only receive a portion of the stolen data, with the rest leaked to interested (and oftentimes malicious) parties on the black market.
Beyond a loss of data and financial losses to pay off the ransom, this further opens avenues for dissatisfied clients and customers to sue businesses for their negligence. The costs for a compromised business to bear is tiered: compensation to affected clients, legal retainer fees, even spending on crisis communications. Overall, this could eat up a significant portion of an organisation’s hard-earned revenue — with Malaysia’s Cyber Security Strategy 2020-2024 projecting a total economic loss of RM51 billion if cyberthreats are left unchecked.
#2: Crippled productivity and business continuity
Between blocked access to crucial systems and battling bad press about a reported cybersecurity breach, businesses stand to lose not just a great deal of money but also precious time. Unable to use company data or the platforms that keep the day-to-day running, productivity will come to a grinding halt, inevitably impacting business continuity in the long run as well as revenue.
This is especially significant for essential businesses that run around the clock, such as information technology, manufacturing, and logistics. Even the slightest interruption in this well-oiled machine could then affect other vendors or companies within a company’s business ecosystem, like other users further along the supply chain.
#3: Plunging reputation and broken customer trust
We are all customers ourselves in some shape or form, and the cold truth that we all know is that brand loyalty and customer trust takes years to build — but only seconds to come crashing down. Regardless of how established a brand is or how isolated a particular cyberattack incident is, the breach itself will be enough to taint the company’s reputation and open doors to a series of unwelcome consequences for customers.
More than the immediate losses in sales or users, it is the potential losses that may prove to be the most damaging. With a dip in public sentiment comes a domino effect that is incredibly difficult to stop: a decline in investor confidence, loss of upcoming business opportunities or contracts, and a plummeting business value. It could take years to fully restore relationships with clients or suppliers, which is a chunk of time many smaller businesses cannot afford.
#4: Costly intellectual property disputes
Established industry players rely on the confidential safekeeping of their intellectual property to maintain their strong market presence. For example, household names in food like KFC and Oreo are instantly recognisable by their iconic recipes; while sundry items like Panadol and Colgate have become interchangeable terms used in reference to commonplace products.
This protection of intellectual property is arguably even more important for startups and SMEs, many of whom consider it their one chance at breaking into an already saturated market! Should a cybersecurity breach render this patented data public, it could spell long legal battles, the near-impossible feat of recalling this information, and — most importantly — the fear that the business’ unique selling proposition can now no longer be unique.
#5: Forced revamping of operations, regardless of preparation
While an overhaul of existing security systems may well be long overdue, one of the worst things a business can do is initiating this revamp out of desperation rather than preparation. In the rush to overcompensate for their previous lack of security, a company runs the risk of not choosing the appropriate infrastructure to suit their organisational needs (or worse, spending unnecessarily for a feature they cannot benefit from).
So, in the words of everyday Malaysians — “how now?”
As cliche as it may sound, prevention is more often than not the best cure. Businesses need to realise early on that while bigger enterprises are more profitable targets of cyberattacks, SMEs are actually the ones that are most likely to be victims! Being restricted by a smaller pool of funds and a lack of understanding in implementing more robust security measures often make them more vulnerable and more desirable as targets.
Cybersecurity is never a one-off purchase — it is a long-term defence mechanism that needs to be ‘serviced’ and ‘maintained’ to provide effective protection against ever-evolving cyberthreats.
Beyond introducing IT security measures and training its employees to face these attacks, startups and smaller businesses should consider engaging a cybersecurity consulting firm that can identify appropriate infrastructure to meet specific business requirements. SRKK, for instance, provides scalable enterprise-level solutions that can grow or dial back as needed alongside a business.
In addition to improving overall business awareness of cybersecurity trends and threats, this also empowers companies to make more informed decisions and nip problems in the bud. Cybersecurity has come a long way: it is no longer an if, but a must, in the digital transformation strategies of any brand in the market.
By Phang Wai Yin, Chief Technology Officer of SRKK
