Asian transport firms concerned about rising digital vulnerability
Digital vulnerability is a primary business risk and cyber threats should be addressed by the board of directors, top executives in Asia's transportation industry believe.
This was the finding of a new study from leading global advisory, broking and solutions company Willis Towers Watson (WLTW).
Based on interviews with 350 C-suite executives in the transport industry globally, of whom 71 are from Asia, the Willis Towers Watson 2016 Transportation Risk Index study sheds light on the top perceived threats over a 10-year horizon.
In Asia, more than a quarter of its transportation sector customers were targeted with advanced cyberattacks during the first half of 2016.
In terms of cyberattacks, a report issued by Microsoft Asia in January revealed that three of the top five destinations for cyberattacks during the first half of 2016 were in Asia Pacific.
As cyberattacks become increasingly prevalent in the region, regulators across markets including China and Singapore have tightened rules governing how companies must handle data and disclose any breaches.
The WLTW study comes as supply chains in the region are becoming increasingly digitalized and interconnected, prompting tighter regulation of data protection and disclosure of breaches.
The study asked participants for their views on 50 specific risks under five broad categories, or megatrends.
Executives from Asia ranked digital vulnerability as the top megatrend and gave it a risk score higher than any other region did.
The cyber threat was top of the list of specific transportation risks, followed by third-party security vulnerability, particularly in the supply chain, and changes in demand owing to macroeconomic conditions.
"Digitalization's impact is felt across business sectors and the transport sector is no exception when you consider the growth of internet of things, artificial intelligence, driverless cars, robo-workers, and smart cities," noted Mark Hue Williams, WLTW Head of Transportation Industry.
However, digital risk mitigation is not the exclusive responsibility of risk managers or IT managers.
"Cyberattacks and resulting breaches have broad technical, financial, operational and reputational consequences. Organizations need to take a holistic view – one that includes their organizational culture – and form strategies accordingly at a corporate level," he elaborated.
In addition, risks lie in each link of the supply chain. "So there's a collective responsibility to which every participant in the supply chain must be accountable, not only to their shareholders but also to their business partners."
Furthermore, "Tighter regulations are pushing companies in the region to attach greater importance to cyber security," according to Hue Williams.
"Executives must ensure their preparedness and response plans will withstand questioning from shareholders and the public in the wake of a breach."
China passed a new cybersecurity law in November, 2016, requiring enterprises to improve their ability to defend against cyberattacks, while demanding security reviews for equipment and data in certain strategic industry sectors.
Transport is a sector classified as "critical information infrastructure" in the new law, which takes effect on 1st June, 2017.
Singapore also plans for a new cybersecurity bill to be tabled in parliament in 2017 to better secure its critical information infrastructure.
Despite the prevalence of cyberattacks and tighter regulations across the region, the insurance sector hasn't moved anywhere near as fast.
"While insurers are offering various cyber insurance products, the challenges involved in pricing and underwriting cyber-risks have constrained the ability of insurers to fully penetrate this market," says Hue Williams.
"The difficulty stems from the fast evolving nature of cyber-crime, which makes past data unlikely to be predictive of the future."
"Few historical claims also result in a lack of precedents for reference in applying policy terms and conditions. These challenges have led insurers to be more cautious in their policy offerings."