Table of Contents Table of Contents
Previous Page  51 / 60 Next Page
Information
Show Menu
Previous Page 51 / 60 Next Page
Page Background

47

Cybersecurity in ASEAN: An Urgent Call to Action

market capitalization, this is a small price to pay, especially since other items on the fiscal

budget such as defense account for up to 3.4 percent of the region’s annual GDP.

30

Corporate boards and chief information security officers (CISOs) have important roles to play

in creating a defense-in-depth culture in their organizations (see figure 31 on page 48). These

roles include elevating cybersecurity on the board of directors’ agenda and establishing the

CISO function as an independent reporting function. CISO responsibilities include establishing

group-wide strategies, governance, and conducting value-at-risk assessments. In addition,

cybersecurity resilience needs to be extended to business partners through a continuous

process of education and inclusion in internal risk audit assessments.

Forging industry alliances and engaging with educational institutions to develop industry-

relevant cybersecurity courses will help build a stronger local industry and address capacity

and capability gaps.

30

World Bank based on data for Malaysia, Singapore, Indonesia, Thailand, Vietnam, and Philippines

Source: A.T. Kearney analysis

Figure

Stakeholder view of the call to action

Elevate cybersecurity

on the regional policy

agenda

Call-to-action agenda Regional

National

Implement the 12-point Rapid

Action Cybersecurity Framework

Establish sector-level

governance mechanism

Set up regional cybersecurity

coordination platform

Track national progress via the

ASEAN Secretary-general’s annual report

Secure a sustained

commitment to

cybersecurity

Engage with private-sector stakeholders

to stimulate cybersecurity investment

Set up a cyber-hygiene dashboard

for crucial sectors to de…ine and track

key performance indicators at the

sectorial level

Recommend standards for

voluntary adoption

Track cybersecurity investments against

the agreed commitment

Report on national cybersecurity spend

Fortify the

ecosystem

Adopt voluntary certi…ication of vendors,

and develop recommended lists

Establish and incentivize trusted

sharing mechanisms

Set up security maturity assessments

as a formal cyber certi…ication for the

private sector

Set-up industry alliances

Encourage public–private partnerships

Adopt voluntary certi…ication of vendors

and develop recommended lists

Foster cross-border cybersecurity

cooperation across the region and

around the world

Encourage public–private partnerships

across the region

Build the next wave

of cybersecurity

capabilities

Align the cybersecurity talent strategy with

the national workforce planning agenda

Identify and plan for skills in demand

Develop career pathways around

cybersecurity

Foster R&D around emerging threat vectors

Anchor world-class capabilities to

facilitate knowledge exchange

Develop cross-border capabilities to

prevent cybercrime

Support regional start-ups to boost

development of advanced solutions

and address white spaces

Set up regional R&D fund for

cybersecurity with contribution from

member countries