67% of businesses in SEA found themselves as victims of ransomware attacks
- Only 5% of the C-suite says that an internal or external incident response team is present
- 8% of the surveyed executives admitted to paying the ransom as fast as possible to gain access to their business data
The COVID-19 pandemic, combined with society’s growing digitalization, has led to an increase in cybercrime in Southeast Asia recently. As a result of this surge, East and Southeast Asian countries have been the target of numerous high-profile ransomware attacks in recent years.
In fact, APAC continues to struggle with ransomware attacks. Ransomware has gained considerable notoriety in the business world ever since the infamous Wannacry attack, with significant attacks on businesses making headlines month after month.
According to the most recent Kaspersky research, businesses in Southeast Asia (SEA) are very much on the radar of these cybercriminals, with three out of five (67%) indicating that they have been victims.
Global cybersecurity company Kaspersky surveyed 900 respondents from North America, South America, Africa, Russia, Europe, and Asia-Pacific – 100 of them were from Southeast Asia. Conducted in April 2022, researchers asked senior non-IT management (such as CEOs, VPs, and Director level) and business owners or partners at organizations with 50 to 1000 employees how they perceived the threat of ransomware.
34% of respondents who acknowledged having their data fraudulently encrypted by attackers say they were the victims of repeated ransomware attacks. The remaining respondents (33%) claimed to have only once encountered similar occurrences.
Hit with ransomware attacks, respond with paying the ransom
The majority (82.1%) of ransomware victims in the region had one thing in common: they all paid the demanded ransom. In fact, two digits more than the global average of 38.1%, 47.8% of the surveyed executives admitted to paying the ransom as fast as possible to gain access to their business data.
Nearly a quarter (23.9%) of those who attempted to recover their data through backups or decryption ultimately paid the ransom within two days, while 10.4% resisted for a week before giving in.
When asked what actions they would take if they encountered the same incident, the majority of ransomware victims (77%) said they would still pay the ransom. This is concerning because it shows a propensity for businesses that have already fallen victim to ransomware to comply, which encourages cybercriminals to carry out their attacks.
Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, responded to these findings by saying that it is concerning to find that just 17.9% of firms in the region that were hit by ransomware refused to comply with the demands of the cybercriminals.
“We stand firm that paying the ransom should not be a kneejerk reaction for enterprises. But, with more than half (67%) of those we surveyed admitting that their organizations would not survive without business data if attacked, we understand the urgency and the desperation to get their data back as soon as possible, by all means,” he explained.
A crucial piece of the puzzle was also highlighted by Kaspersky’s study: the majority (94%) of SEA businesses will seek external assistance if they are ransomed. With 89.9%, this is slightly higher than the overall rate.
Interestingly, 20% of those will get in touch with law enforcement, while 29% will contact a third-party provider of cybersecurity incident investigation and response services like Kaspersky. The remaining percentage will get in touch with one or both of these external agencies to learn how to react to a ransomware attack.
Yeo claims that it is obvious that businesses in the SEA require assistance because only 5% of corporate leaders said their companies have internal incident response capabilities, a regular IT team, or a service provider to deal with a ransomware attack.
“We advocate for cross-border and public-and-private cooperation that will help governments and companies to combat threats like ransomware. However, such is not the only answer. Enterprises here should really look into acting on concrete steps to upskill or even to build their own security defense team with intelligence-led incident detection and response capabilities,” Yeo concluded.