A research, commissioned by Cohesity, indicates that increasingly sophisticated and voluminous cyberattacks are forcing most companies in Singapore and Malaysia to pay ransoms due to their inability to recover data and restore business processes. The study, which polled 504 IT and security decision-makers in both countries, highlights the prevalent reality that cyberattacks are a matter of “when,” not “if,” with a significant majority of organisations experiencing ransomware attacks in the past six months.

Alarmingly, 70% of respondents reported being victims of ransomware attacks in 2024. This includes 65% of Singaporean and 77% of Malaysian respondents. The outlook for the future is grim, with over 90% of respondents in both countries expecting the threat of cyberattacks to increase this year, and nearly half predicting an increase of over 50%.

Maintaining cyber resilience and data security strategies to match the current threat landscape remains challenging. About 41% of respondents lack complete confidence in their company’s ability to handle escalating cyber threats. Despite this, over 90% have stress-tested their data security and recovery processes in the past year, with more frequent testing reported in Malaysia.

The report underscores the critical role of cyber resilience in business continuity. However, resilience remains a challenge, with only 3% of respondents able to recover data and restore business processes within 24 hours. This figure drops to 1% for Malaysian companies. Furthermore, 24% can achieve recovery within 1-3 days, 34% within 4-6 days, and 25% within 1-2 weeks. Alarmingly, 13% need over three weeks for recovery.

Despite 97% of respondents targeting an optimum recovery time within a day, only 3% achieve this. Over a third aim for recovery within an hour, but a mere 4% tolerate business disruption for just 24 hours. Most respondents accept longer downtimes, with 34% tolerating 1-3 days, 53% accepting 4-6 days, and 8% extending beyond a week.

Consequently, 82% of respondents stated their company would pay a ransom to recover data, with 11% considering it depending on the amount. Notably, 59% of Singaporean and 74% of Malaysian respondents would pay over US$1 million, with some willing to pay over US$5 million.

The necessity of effective response and recovery capabilities is evident, with 69% of respondents admitting to paying a ransom in the last year, despite having a “do not pay” policy. Of these, 64% in Singapore and 76% in Malaysia paid significant sums, ranging from US$100,000 to over US$500,000.

“The unfortunate reality for organisations is that destructive cyberattacks, like ransomware or wiper attacks, are a major threat to their business continuity. However, organisations can face this reality head-on by enhancing their cyber resilience,” said James Blake, Global Cyber Resilience Strategist at Cohesity. “What is of major concern is that 69% of respondents said their organisation had paid a ransom, many breaking their ‘do not pay’ policies because they either can’t recover their data and restore business processes or overestimate their cyber resilience capabilities.”

Zero trust security and data privacy remain significant challenges despite increased regulation. Over 40% of respondents believe their centralised visibility of critical data could be improved. Less than two-thirds have deployed key access controls like multi-factor authentication and role-based access controls.

Sathish Murthy, Director of Systems Engineering at Cohesity ASEAN & India, remarked, “The first step in achieving cyber resilience is managing and securing access to the business-critical data that must be recovered to restore business processes. The fact that just over 2 in 3 have one of the three most important data access controls deployed demonstrates the significant risk that Singaporean and Malaysian companies face.”

Only 56% of respondents feel they have all necessary IT and security capabilities to comply with data privacy laws. The importance of advanced threat detection and data isolation for cyber insurance qualifications was highlighted by 88% of respondents.

The wide reach of AI extends to the cyber threat landscape, with 4 in 5 respondents having faced AI-based cyberattacks in the past year. However, 89% are confident in their AI-powered solutions to counter these threats.

As cyber threats continue to evolve, organisations must prioritize cyber resilience to safeguard their business continuity and maintain customer trust.