Cybersecurity in ASEAN An Urgent Call to Action

Cybersecurity in ASEAN: An Urgent Call to Action

4Conclusion andNext Steps

The region’s response to the cybersecurity challenge needs to be comprehensive and forward-

looking, engaging an array of stakeholders to deal with the threat and support the region’s leap

into the vanguard of the digital economy. No country, company, or individual can surmount

the cybersecurity challenge alone. Thus, every stakeholder has a role to play in creating a safe

environment. The crucial shift from the failures of traditional cybersecurity to cyber resilience

will require moving beyond protecting against attacks to building resilient assets and processes.

The practices, procedures, and processes used to build and maintain technological systems will

determine the success or failure of the next big attack.

In section 3, we highlighted that concerted actions will be required along a comprehensive

four-point agenda to tackle the core of the problem:

Elevate cybersecurity on the regional policy agenda.

Secure a sustained commitment to cybersecurity.

Fortify the ecosystem.

Build the next wave of cybersecurity capability.

Immediate action is required. In figure 30 on page 47, we have outlined some of these actions.

In the short term, national governments across ASEAN should speedily implement the 12-point

agenda highlighted under the Rapid Action Cybersecurity Framework. The ASEAN secretary-

general’s annual report should be expanded to include a review of how each country’s progress.

This would increase awareness and raise the bar in terms of preparedness.

A sustained and committed approach to investing in cybersecurity is needed as the region

becomes more digitally connected. From 2017 to 2025, ASEAN will need to spend $171 billion

(0.35 to 0.61 percent of annual GDP) to align with international benchmarks. Given that the

value-at-risk for ASEAN’s top 1,000 listed companies is roughly $750 billion in terms of current

TheUnitedKingdom’sMalvernCybersecurityCluster

TheUnitedKingdomhas one of

themost successful cyberse-

curity industrieswhenmeasured

in terms of economic growth. The

sector alone contributedGBP 1.8

billion in exports to theUK

economy in 2015 andgrew from

GBP 17.6billion in 2014 to almost

GBP 22 billion in 2015. Despite its

relatively small size, theUnited

Kingdomhas 17 cybersecurity

clusters.

In 2014, amiddemand fromsmall

cybersecurity companies across

the country, theUKCyber

Security Forumsocial enterprise

was spun out of Key IQand

founded to help volunteers start

cybersecurity clusters across the

nation. The Forumacts as a focal

point for organizations that want

to engagewith small, innovative

companies and facilitates

lobbyingwith the government

about issues they face. The

MalvernCyber SecurityCluster is

nowone of the clusters under the

umbrella of the Forum.

TheMalvernCyber Security

Clusterwas founded in

September 2011 byKey IQLtd.

and today has a high concen-

tration of active and innovative

small cybersecurity companies.

The area is nowrecognized as one

of the primary locations in the

UnitedKingdomfor the research,

development, and commercial-

ization of cybersecurity products

and services and is increasingly

referred to asCyber Valley.