Marsh:亚洲企业网络安全防范意识仍待加强(英文)
航通社发布此新闻稿仅为传播更多信息之目的,不对其内容做任何事实核查或持任何观点或立场。新闻稿内容及其著作权和解释权均归发布新闻稿之企业所有。
www.marsh.com
NEWS RELEASE
Marsh: Asia’s RE&H sector remains ill-prepared for the increasing cyber incidents as initiatives for smart cities grow
Hackers are 80% more likely to attack organizations in Asia
59% of Asian businesses experienced a cyber incident on at least a monthly
basis in 2016
Asian firms spend 47% less on IT security than North American firms and take
1.7X longer to respond to a breach compared to the global average
Asia RE&H sector vulnerable through POS devices and systems, representing
87% of breach targets
Hong Kong, November 29, 2017
Marsh, a global leader in insurance broking and innovative risk management solutions and a
wholly owned subsidiary of Marsh & McLennan Companies (NYSE: MMC), today announced
the introduction of a new report on cyber – “Cyber Risk in Asia: Ramifications for Real Estate
and Hospitality”, which shares insights from one global survey and one Asia survey,
conducted by Marsh. The survey report focuses on the real estate and hospitality (RE&H)
sectors, which reveals them to be especially vulnerable in Asia to cyber-attacks.
According to the report, the reasons that the RE&H sector is facing rising cyber threat in Asia
are because of the widespread use of IoT, artificial intelligence, blockchain, cloud systems
and wifi network technology without adequate safeguards and warning systems for
breaches. Of interest to attackers/hackers are intellectual property, personally identifiable
information that allows impersonation and identify theft, payment card information, and
privileged information belonging to external clients or vendors. In addition, physical
disruption of building management systems for ransom is another potential risk in the sector.
Half of respondents to the survey in the RE&H sector said they had not implemented any
cyber loss mitigation program in the last 12 months. Yet, respondents’ biggest concerns are
reputational damage to their organization in the event of a cyber-attack (64 percent), the
breach of customer information (55 percent), and business interruption (52 percent).
The surveys reveal a widening perception-reality gap:
A large majority (65 percent) of respondents from the RE&H sector in Asia ranked cyber
threat as a top-five corporate risk concern; but 85 percent of the surveyed RE&H
respondents in Hong Kong spend less than 10 percent of their annual budget on
cybersecurity
Page 2
Firms in the RE&H sector appear mostly confident (88 percent) that they understand
their cyber risk exposure, but almost half (48 percent) are either unaware of or do not
have any methods to measure their cyber risk exposure.
Six out of 10 RE&H companies do not have and do not plan to develop a cyber-incident
response plan, despite one in five having responded that they had experienced a cyberattack
in the past 12 months alone.
Commenting on the survey results, Lei Yu, Managing Director of Marsh HK & Macau, Marsh
said, “This suggests that despite a high chance of being attacked, a majority of the firms
have not prepared to respond to an attack at all. As technological advancement accelerates
across the region, Asian businesses would do well to recognize that their vulnerability to
cyber-attacks is set to intensify.”
Almost half of the respondents either did not know of any steps their organizations had
taken, or indicated their organizations had taken less than five of the potential steps to
mitigate risks over the past 12 to 24 months.
Besides the lack of incident response plans against cyber-attacks, 31 percent of those
surveyed in the RE&H sector in Asia also do not assess external cyber threats coming from
vendors, contractors, or suppliers, or do not know whether their organizations assess these
external cyber threats.
“Without proper measures to mitigate against third-party risks, companies are leaving wide
open the possibility of a watering hole attack, in which an attacker is able to pivot from one
system (usually an initial victim with weaker security) to another system which is the
intended target and has more robust security,” added Yu.
“Our recommendations are for RE&H to actively manage their cyber risk mitigation and
breach reporting procedures and update them frequently. This includes embedding ‘cyber’ in
enterprise risk management plans, strengthening the organizational cyber-secure culture
and transferring residual risks that cannot be eliminated,” concluded Yu.
###
About the Surveys
The report includes findings from a global cyber risk perception survey and another survey
for the real estate and hospitality sectors in Hong Kong administered between July and
September 2017.
Overall, more than 1,300 senior executives participated in the global survey, representing a
wide range of key functions, including information technology, risk management, finance,
legal/compliance, senior management and boards of directors.
Page 3
About Marsh
A global leader in insurance broking and innovative risk management solutions, Marsh’s
30,000 colleagues advise individual and commercial clients of all sizes in over 130 countries.
Marsh is a wholly owned subsidiary of Marsh & McLennan Companies (NYSE: MMC), the
leading global professional services firm in the areas of risk, strategy and people. With
annual revenue over US$13 billion and more than 60,000 colleagues worldwide, MMC helps
clients navigate an increasingly dynamic and complex environment through four marketleading
firms. In addition to Marsh, MMC is the parent company of Guy Carpenter, which
develops advanced risk, reinsurance and capital strategies that help clients grow profitably
and pursue emerging opportunities; Mercer, which delivers advice and technology-driven
solutions that help organizations meet the health, wealth and career needs of a changing
workforce; and Oliver Wyman, a critical strategic, economic and brand advisor to private
sector and governmental clients. Follow Marsh on Twitter @MarshGlobal; LinkedIn;
Facebook; and YouTube,or subscribe to BRINK