How CIOs can rise to meet the security risks in Asia

  • Security risks are an inherent part of doing business today in Asia and beyond.

  • Executives must assess their security provisions: understand exposure, make informed decisions, select the right technologies and partners.

Top executives from around the world understand that cyber criminals now have even more ways to steal and hack into stored corporate data, whether that’s for financial information, marketing plans, or confidential emails. They are not only using apps, routers, and firewall-protected networks, but also sophisticated technologies that are often undetectable, such as Advanced Persistent Threat (APT) attacks. Cyber criminals can get within your network and siphon off data over an extended period of time, sometimes using a more traditional Distributed Denial of Service (DDoS) attack as a cover for the intrusion.

Challenges in Asia

In Asia, these global risks are being amplified by two factors: the fast pace of the merger and acquisitions (M&A) process and the fluidity of the job market for senior IT personnel.

The volume of M&A activity in Asia reached a record high of $367.7 billion in the first half of 2014, when global deals rose 41 percent to $1.83 trillion [i]. While volumes across the U.S. and Europe are also high ($815.7 billion and $507.9 billion respectively), Chief information officers (CIOs) and executives in Asia must be even more vigilant to ensure that security is not compromised by the speed at which deals are done.

Security is a critical component of M&A due diligence today. Determining whether a new partner brings an acceptable level of cyber risk should be as crucial as evaluating the deal’s financial and legal implications. An undetected APT intrusion in a target company could, for example, allow confidential documents to be monitored during negotiations and open a backdoor to your network post-acquisition if vulnerabilities are not addressed. Publicity around an M&A could also attract malicious activity as cybercriminals probe for weaknesses. Getting appropriate security in place before integration begins is vital to protecting both entities as well as the value of the deal.

Globally, CIO turnover is higher than for other C-level roles: in a 2012 survey of 60 CIOs from large international companies, 65 percent had held two or more CIO roles, with 40 percent saying they didn’t expect to be in their current position beyond another year or two [ii].

On the positive side, it is clear that Asian businesses are well aware of the security risks inherent in doing business today and amplified by M&A and other leadership changes. The PwC Global State of Information Security® Survey 2014 put Asia in the top security spot again with an 85percent year-on-year increase in security spending and good progress on the adoption of security measures such as intrusion-detection technologies [iii]. On average, security spending is a significant part of the overall IT spend, with higher spending by companies that invest more in research and intellectual property and by organizations concerned with health and public safety, such as hospitals and emergency services.

CIO security checklist

Addressing these challenges, here are my top three action items for executives to consider when assessing their security provisions.

1. Understand your security exposure. Consider what technologies, policies, procedures, and controls protect you from threats. How effective is this technical and non-technical security infrastructure? Do you regularly review firewalls and logs, searching for evidence of a breach?

2. Integrate security into decision making. Make top security part of your business development projects and growth strategies. Consider the monetary value of security and proactive risk management.

3. Select the right security technologies, policies, tools, and partners.  You have to keep pace with escalating security risks. Can you consolidate your basic security solutions and invest more wisely? How are you supporting employees and third-party partners to protect your business data and intellectual property?   

Selecting and updating the right security technology portfolio for your organization can be daunting. A certified security provider can act as a trusted advisor. It will guard all elements of your infrastructure and protect your network and reputation, while ensuring regulatory compliance and business continuity. A world-class partner will operate on a global scale and have the resources to keep on top of new threats and abreast of new technologies. It will also provide a continuous high level of service during transitional periods, such as when a new C-suite executive like a CIO or CEO is hired.

Learn more about network security services from AT&T.  


[i] Dealogic,Global M&A Review | First Half 2014. Accessed 19.08.14 here. [ii] Strategy+ (formerly Booz & Company), CIO Success(ion) Study, 2013. [iii] PwC, The Global State of Information Security® Survey 2014. Accessed 19.08.14 here.

Vanessa Lew Senior Security Advisor AT&T About Vanessa