As the demand for digital goods and services accelerates across Southeast Asia, vulnerabilities in both public and private systems are making the region a global hotspot for malicious cyber-attacks.
To protect data and infrastructure, organisations across Southeast Asia are investing heavily in cyber security services and solutions. Spending on cyber security in the region is rising by an average 15% per year.
There is a shortage of local skills and talent, however, and this creates a potential market opportunity worth A$7.3 billion for Australian cyber security businesses.
Austrade and AustCyber are helping ambitious Aussie firms get their foot in the door.
Since 2017 the two organisations have partnered to support the overseas ambitions of Australian cyber security companies. In August this year the two agencies commenced a formal collaboration plan that includes research, analysis and market-introduction programs.
One recent Austrade-AustCyber collaboration was a cyber security dedicated Singapore Landing Pad. Held from May to August 2019, this three-month residency was organised by Austrade and AustCyber to help small Australian cyber security companies understand markets in Southeast Asia, including regulations and market dynamics.
The Landing Pad objective: to provide a gateway for Australian cyber security companies into Asian markets.
A Singapore success story
According to a new report by Austrade and AustCyber, ‘Cyber Security Opportunities in the ASEAN region,’ the market for cyber security in the member countries of the Association of Southeast Asian Nations (ASEAN) is predicted to almost triple over the next five to six years.
The ASEAN region is set to become equivalent to the world’s fourth-largest economy by 2030. It encompasses developed markets such as Singapore and Malaysia, as well as large and growing markets like Indonesia, Thailand, Vietnam and the Philippines. In these developing markets, many institutions may be adopting cyber security services and solutions for the first time.
As a multinational financial centre and regional trade hub, Singapore alone is projected to have a cyber security market worth A$913 million by 2020. Earlier this year,Entersoft Security director and co-founder Paul Kang took part in one of Austrade’s Singapore Landing Pad programs. It included paid workshops and briefings, and introductions to industry players and allies.
Kang and his team were looking to establish a presence in the Southeast Asian region. He says the credibility they gained through participation in the Landing Pad made it much easier to build a rapport with locals.
“Our experience in Singapore has been amazing,” he says. “It’s one of the easiest places to set up – and there are great business incentives – but the biggest advantage we see is the opportunity to expand into other parts of Southeast Asia.”
A huge and diverse market for cyber security
The scale and opportunity of the ASEAN region are enormous, Kang says, as the technology landscape is changing so rapidly. This brings new threats from hackers who are “ … way ahead of organisations in terms of their security capabilities.”
One high-profile example is the 2018 attack on the records systems of Singapore’s largest healthcare organisation, SingHealth. Hackers gained illicit access to a front-end computer at Singapore General Hospital – most likely via a phishing email – and installed customised malware using open source tools to evade anti-virus software.
For four months the malware worked its way from computer to computer. It stole credentials such as usernames and passwords, until it accessed the Electronic Medical Record database.
From 27 June to 4 July, when the attack was first detected by administrators, the hackers stole the personal data of 1.5 million patients. The outpatient medical records of 160,000 people were stolen, including the medical records of Prime Minister Lee Hsien Loong.
Data breach costs to reach A$2.8 trillion in 2020
The SingHealth attack is just one of a spate of cyber attacks in a region where the global cost of data breaches to businesses is estimated to reach A$2.8 trillion by 2020.
“If you’re looking at scaling and growing globally, the ASEAN region presents a great opportunity for cyber security businesses, and it’s definitely worthwhile exploring,” Kang says. He adds that it’s important to “do your homework” by looking into local cyber security strategies and the problems and challenges they’re trying to solve.
“I think the best approach is to do your market research first: if you’re looking into some of the emerging markets, it’s very different to the way business is done in Australia,” he says.
For Kang, the Austrade Landing Pad has proved just that. Entersoft Security stayed on in Singapore and enrolled in a six-month scaleup program called Singapore ICE71. Co-founded by Singtel and the National University of Singapore, ICE71 is the region’s first cyber security hub for entrepreneurs.
Kang anticipates that Entersoft Security will set up a permanent office in Singapore by the end of 2019.
The Landing Pads program provides market-ready Australian startups and scaleups the opportunity to land and expand into major global innovation and startup ecosystems, including San Francisco, Tel Aviv, Shanghai, Berlin and Singapore.