ASEAN needs cohesive approach to cybersecurity to reach its full digital potential

05 February 2018 5 min. read

The ASEAN digital economy could add as much as $1 trillion in GDP over the next ten years, but the lack of a cohesive regional approach to cybersecurity and an especially heightened risk threatens to undermine the sector’s full potential. 

In an impassioned call-to-action, the global management consulting firm A.T. Kearney has implored the ASEAN region to start taking further steps to shore up its currently fragile cybersecurity mechanisms, warning of the $750 billion threat posed without urgent and coordinated remedial action.

The ASEAN bloc, which with a present population of 645 million people consists of Singapore, Malaysia, Indonesia, the Philippines, Thailand, Vietnam, Myanmar, Cambodia, Brunei and Laos, is already the world’s 7th largest economy at a combined GDP of $2.7 trillion – projected to exceed $4 trillion in just four years at a CAGR of 8.2%.

As it stands, the ASEAN digital economy contributes about $150 billion in revenues per year, but a previous report by A.T. Kearney estimated that, if certain conditions are met, the sector could add up to $1 trillion in GDP over the coming decade to become one of the world’s top-five digital economies.

ASEAN’s digital economy has potential to add an incremental $1 trillion in GDP by 2025

To date, however, there has been little progress in the way of preparedness as to intuitional oversight, both in terms of certain member states and as a coordinated regional bloc. The report notes that while Singapore, Malaysia, Thailand and the Philippines have established individual cybersecurity strategies, countries such as Laos, Cambodia, Myanmar and Brunei have neither national strategies in place nor existing sector-specific governance and operational bodies – rendering the intraregional sharing of threat intelligence especially problematic.

Moreover, the absence of a unifying legal framework on cybersecurity, or a regulatory body with enforceable powers such as is the case for the EU, will continue to hamper efforts for a unified ASEAN response, delimiting readiness assessments, strategy development, incident reporting, and the ability to capitalise on shared knowledge. A divergence in national priorities in respect to varying paces of digital evolution adds to the difficulties, as does the prevailing culture of poor transparency and current climate of mistrust. 

Cybersecurity policies vary widely across the ASEAN region

Exacerbating these issues is the present lack of public- and private-sector spending on cyber defence, with ASEAN businesses underestimating the magnitude of the threat and potential value-at-risk – complex assessments of which involve identifying high-value assets that may be at risk and determining the full-ranging impact of a hypothetical breach.

The ASEAN region’s collective cybersecurity outlay was estimated at $1.9 billion for last year, a figure at 0.06 percent of total GDP, with Singapore accounting for the vast majority of national spending with a 42% overall contribution. While this majority contribution is expected to weaken slightly in the coming years, the report’s authors project that, as the ratio of regional cybersecurity spending rises to 0.10% of the GDP in the period to 2025, Singapore together with Malaysia and Indonesia will still be responsible for over 75% of total expenditure.

And, with the exception of Singapore as an outlier, the region currently lags a long way behind. In terms of spending-to-GDP ratios, the overall 0.06% ASEAN rate at present falls well short of the global average of 0.13%, a sum which is today greater than the increased 2025 ASEAN forecast. Discounting the trio of Malaysia (0.08%), Thailand (0.5%), and Singapore (which at 0.22% is a world leader and well above the 0.16% average for mature economies), the remainder of ASEAN country spending sits at 0.04% or less, with a rapidly growing Indonesia remaining at a relatively paltry 0.02%.

Benchmarking cybersecurity spend as percent of GDP

Adding to this mix is the ASEAN region’s already emerging status as a hotbed for cybercriminal activities, with the current vulnerabilities compounded by further regional factors such high levels of connectivity and intraregional trade. Malaysia, Indonesia and Vietnam have in particular been used in recent times as launchpads for global malware attacks, recording up to 3.5 times the standard international ratio for blocked suspicious web activities.

Together, the consulting firm warns of a possible $750 billion loss in market capitalisation for the top 1000 ASEAN companies, and the risk that cybersecurity concerns could impede trust and resilience and hinder the region’s digital development, ultimately undermining the opportunity for the sector in Southeast Asia to realise its full economic potential. It’s imperative then the nations of ASEAN develop a coordinated strategic approach to cybersecurity, for as the report states, its growing economic interconnectedness makes the region only as strong as its weakest link.