The Ministry of Communication and Information Technology launched a web crawler, operated by a special team known as Cyber Drone 9, at the beginning of the year to actively seek out negative content on the internet and prevent Indonesians from accessing it. (Reuters Photo/Mal Langsdon)

KPMG: Companies in Southeast Asia Are Exposed to Cyber Security Risk


APRIL 20, 2015

Jakarta. Companies in emerging Southeast Asia must start enhancing cyber security to protect from growing potential cyber crimes, a report from global consultant firm KPMG revealed on Thursday.

Lyon Poh, cyber security partner of KPMG in Singapore, said emerging markets are not immune to cyber threats.


Southeast Asia’s economy has a growing role in global supply chains which attract cyber attacks, particularly as there is still weak governance in the handling of sensitive data, he said.

“Cyber security in the region used to be less attractive for hackers because they target big companies.

“But there are many capital flows here which now clearly attract attention of cyber criminals,” Poh said on the sideline of a presentation in Jakarta on Thursday.

The report, titled “Cyber Risks in the Emerging Markets,” points out that the risks arise from four areas: the complexity of supply chains, the need to remain low cost to attract investment, the rapid spread of technology without adequate availability or awareness of training on technological risks and weak regulations.

Poh said there has been increasing awareness for the region’s companies.

Still, there remain businesses — particularly small and medium enterprises — which don’t realize the importance of investing in information security.

Ho Wah Lee, head of emerging markets at KPMG Indonesia, said as technology and digital businesses continue to grow in the region, the risks will also increase.

“Emerging markets are exposed because the investment for cyber security is limited or seen unnecessary,” he said.

Lee quoted data from the “World Economic Forum Global Risks 2015” report which ranked cyber attacks alongside unemployment and climate change as one of the top most significant long term risks worldwide.

It was projected in the report that delays to cyber security could cost $3 trillion in losses globally by 2020.

The KPMG report said organizations across the world spent $71 billion on information security last year.

Poh added that companies in the emerging markets can take a few steps to help protect themselves against cyber attacks.

He recommends establishing cyber hygiene practices, sharing information with industry peers, having a senior leader advocate the cause, acknowledge good practices and build up threat intelligence.

“Every business needs to have good cyber hygiene. You don’t need to invest much, you can do simple things like raising the awareness of users — human error is the weakest link of cyber security,” he said.

Poh said the cost of having security systems in the companies’ network could range from a couple of hundreds to thousands of dollar each year.

“You just need to do regular check ups and raise awareness of users to be safe with the companies’ credentials,” he said.

Muliaman D. Hadad, head of the Financial Services Authority (OJK), last year said there had been 36.6 million cyber attacks in the country in the previous three years.

According to the 2013 report “State of The Internet” from Akami, Indonesia ranks second worldwide as the country most prone to cyber attacks he said.

In the most recent Indonesian cyber incident customers of three local banks lost up to Rp 5 billion ($389,000), according to Irwan Lubis, deputy commissioner of banking division at OJK.

“There are 200 customers whose accounts were hacked,” he said on Thursday as quoted by local news portal

GlobeAsia and the Jakarta Globe are media partners of the 24th World Economic Forum on East Asia event in Jakarta.