Reputation is at Stake, Companies Should Not Delay Investing in Cybersecurity
Reputation is at Stake, Companies Should Not Delay Investing in Cybersecurity
Cybersecurity remains a critical challenge for many companies in Indonesia, as weak security systems make vital company data susceptible to hacking. Recently, a financial services institution fell victim to such a breach, highlighting the urgent need for robust cybersecurity measures.
According to the 2022 National Cyber Security Index (NCSI) data, Indonesia's cybersecurity index score is 38.96 points in 2022, ranking as the third lowest among G-20 countries. Aside from causing harm to consumers, customers, and internal information, data breaches pose a significant risk to a company's reputation.
"In the past, hackers sought fame, but now their focus is on making money and inflicting losses on companies," said Reza Aminy, Associate Director of BDO's Advisory Services team in Indonesia.
Reza explained that hacking incidents often target companies in the banking, e-commerce, marketplace, telecommunications, insurance, and financial services sectors in Indonesia. Besides damaging the company's image, these breaches also have the potential to trigger internal financial shocks. In the face of this substantial threat, Reza emphasizes that company leaders must be vigilant and responsive to potential cybercrimes. Taking proactive steps is crucial to mitigate risks.
"Many companies hesitate to invest in cybersecurity. Must we wait for an incident to occur and bear the losses before prioritizing information security? Companies that invest in cybersecurity face lower risks of incidents, and if they occur, the impact is smaller compared to non-investing companies. IBM data from 2023 reveals that the average loss from incidents at non-investing companies is nearly double compared to those that invest. Not to mention the reputation risk, tarnishing the company's image and causing embarrassment for company leaders," explained Reza.
Companies often debate whether to form an internal cybersecurity team or enlist the services of a cybersecurity management service company. Reza suggests that while internal teams are possible, they require significant time, money, and, most importantly, experience in handling various industry-specific cases.
As recent data breach cases have become more widespread, company leaders are increasingly recognizing the importance of data security. However, they are confronted with complex choices, closely tied to budget considerations. Ariston Sujoto, Head of Corporate Finance at BDO in Indonesia, emphasizes the need for companies to take cybersecurity seriously, aligning it with their financial plans.
"Companies must have an appropriate financial plan, prepared from the start or through budget reallocation, for cybersecurity needs and routine training for all employees. Cybersecurity is a long-term investment," said Ariston Sujoto.
Arina Marldiyah, Managing Director of the Human Capital & Training Division of BDO Indonesia, stresses that maintaining cybersecurity is a collective responsibility for the entire company organization, not just the IT team. Employees should be educated and vigilant against potential cyber-attacks, with phishing being one of the most common methods used by hackers.
"Employees who unknowingly open emails containing dangerous links can provide hackers with access to the system. Companies can provide cybersecurity training to make employees more alert to hacker attacks," added Arina.
Click the button below to download our Cybersecurity Guideline to Protect your Company