Governments and regulators around the world are taking a closer look at nefarious activities
the metaverse, bridging criminal endeavours of both the physical world and the digital world as the
merge into one.
While crimes in the physical world often pertain to loss of life, loss of property,
cybercrimes or virtual crimes largely entail the loss of data, cyberattacks, and compromised private
information, all of which can cost enterprises and individuals a huge sum.
Because the digital world
borders, countries have united to fight against cyber criminals on a global scale.
Mordor Intelligence, a leading market research consulting firm, valued the Global Incident Response
market at USD 3.48 billion in 2020 and expected it to reach USD 10.13 billion by 2026, at a compound
growth rate of approximately 20.53%, between 2021 and 2026, signalling towards the rise in probable
breaches in future.
The report further emphasises that the Asia Pacific market will see a spike for
- 1- The Asia Pacific accounts for nearly one-third of the world’s population
- 2- Steady economic growth and increased stability in the region
The Mordor Intelligence report indicates that the thefts are primarily targeted at personally
information (PII) because APAC is an abundant source of human capital.
Cybersecurity: A global responsibility
As cyber threats evolve and become increasingly complex, our world’s borderless digital space
vulnerable to cyberattacks. Cybercriminals continue to identify new ways to disrupt the systems that
global business to function. As expected and according to a recent Forbes contributor column, the
cyberattacks in 2021 surpassed those in 2020, including attacks on financial portals as well as
and Colonial Pipeline.
The Australian government has recently unveiled a ransomware action plan for businesses in
plan includes businesses mandatorily reporting ransomware incidence.
What is cyber threat incident response?
In general terms, cyber threat incident response is the process to respond to cyber threats. PCI DSS
specifies the steps that organisations should follow as part of the incident response plan. The
established in requirement 12 and include:
Preparedness and initiatives across APAC
- 12.10.2–Test incident response plan at least annually
- 12.10.3–Assign certain employees to be available 24/7 to deal with incidences
- 12.10.4–Properly and regularly train the staff with incident response responsibilities
- 12.10.5–Set up alerts from intrusion-detection, intrusion-prevention, and file-integrity
- 12.10.6–Implement a process to update and manage the incident response plan per industry and
Governments play a crucial role in creating and shaping the economy; when it comes to securing the
population and their interests, they leave no stone unturned, whether it involves deploying
fight known threats (security, healthcare, judiciary) or developing protocols and policies to fight
unknown. One key element is the establishment and promotion of cybersecurity standards or
of the government-managed cyber security organisations across the APAC region include :
PDCA for cybersecurity
- Australia: Australian Cyber Security Center (ACSC) is responsible for monitoring and
to the cyberthreats targeting Australian interests. ASCS also provides a set of guidelines
that can help
an organisation's employees detect, respond, and recover from a cybersecurity breach.
- China: The Cyberspace Administration of China, also known as the Office of the
Cyberspace Affairs Commission, is the central Internet regulator, censor, oversight, and
for the People's Republic of China.
- Hong Kong: The Office of the Government Chief Information Officer (OGCIO) ensures
Government provides the public with information and services they need efficiently and
using IT appropriately, and supports bureaux/departments to make the best use of IT to
- India: The National Cyber Coordination Centre (NCCC) is an operational cybersecurity
e-surveillance agency in India.
- New Zealand: National Cyber Security Centre (NCSC) protects and provides incident
New Zealand’s most significant public and private sector organisations from cyber threats.
- Singapore: Cyber Security Agency (CSA) is the national agency overseeing
strategy, operations, education, outreach, and ecosystem development.
Stringent policies coupled with defined processes can help organisations prepare against cyber
“Plan, Do, Check, Act” (PDCA) can help get answers to most of the questions and ensure preparedness.
recognised across industries and by various regulatory and industry bodies for effectively reducing
respect to securing the organisation against cyber threats, International Organization for
(ISO) recommends PDCA as:
- Plan: Establish policies, objectives, processes, and procedures relevant to managing risk
improving information security to deliver results following an organisation’s overall
- Do: Implement and operate the ISMS policy, controls, processes, and procedures.
- Check: Assess and, where applicable, measure process performance against ISMS policy,
practical experience and report the results to management for review.
- Act: Take corrective and preventive actions, based on the results of the internal ISMS audit
management review or other relevant information, to achieve continual improvement of the
It's an iterative process, and it evolves with new information and stronger processes.
While the regions’ governments are proactive and are educating the public at large, individual and
organisational preparedness will help minimise the agony and loss - Is your law firm ready?
Disclaimer: The views and opinions expressed in this article do not necessarily reflect the official
or position of Novum Learning or Legal Practice Intelligence (LPI). While every attempt has been
ensure that the information in this article has been obtained from reliable sources, neither Novum
or LPI nor the author is responsible for any errors or omissions, or for the results obtained from
of this information, as the content published here is for information purposes only. The article
constitute a comprehensive or complete statement of the matters discussed or the law relating
does not constitute professional and/or financial advice.