Cyber-attacks on Indonesian companies in 2017 will eventually cost domestic businesses $34 billion due to direct financial losses and long-term reputation damage, according to a recent study commissioned by global technology giant Microsoft.
The study — which was carried out by research consultancy firm Frost & Sullivan by surveying 1,300 businesses and IT companies in the Asia-Pacific region — also put total potential losses to the region from cyber-attacks at $1.745 trillion, or 7 percent of the region’s current GDP.
Almost half of Indonesia’s companies could have already been affected by cyber-attacks last year. The study found 22 percent of companies surveyed in Indonesia reported they had a security breach, while 27 percent were unsure if they had had one, due to a lack of data forensics assessments.
Sixty-one percent of organizations either do not think about cybersecurity at all, or only after starting a new project. Almost seven out of 10 companies which had cyber attacks saw job losses in the last 12 months.
“Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation — as has been made all too clear by recent high-profile breaches,” said Haris Izmee, president director of Microsoft Indonesia, in a statement last week.
Last year, Indonesia saw over 205 million cyber-attacks, including the ransomware WannaCry that attacked the country’s major hospitals, according to the Ministry of Communication and Information Technology.
In calculating the potential losses, the study took into account direct financial losses from the attacks themselves, the opportunity cost to the organization caused by the incident, such as loss of customers because of reputation loss. The study also estimated cyber-attacks induced costs on the broader economy, such as a decrease in consumer and business spending.
A large organization — one that has more than 500 employees — can possibly incur an economic cost of $16.3 million due to cyber-attacks.
Of this, only $1 million is likely to be a direct cost to the company itself. Around $5.7 million is predicted to come from indirect costs, and $9.6 million to come from the induced costs.
Over 90 percent of cyber-attacks can be prevented with maintaining most basic best practices, such as strong passwords, use of multi-factor authentications for suspicious log-in attempts and keeping all software up to date, Microsoft said.