By Keith Detros, Programme Manager, Tech for Good Institute
As with the rest of the world, Southeast Asia is undergoing rapid digital transformation. The region’s digital economy has maintained an impressive compound annual growth rate of 27% since 2021. Projections indicate that digitalisation could contribute up to US$1 trillion to the regional economy by 2030. This growth is driven by factors such as accelerated digital adoption catalysed by the pandemic, an increasingly mobile-first economy, the rise of digital platforms, and a thriving startup ecosystem.
However, amidst these advancements, technology and society are in a complex relationship. While digital solutions bring inherent benefits, they also come with corresponding challenges and risks. In the region, digital adoption has not always been accompanied by adequate digital literacy and cyber awareness measures. As more individuals come online, particularly for the first time, there are increased opportunities for cyber criminals to exploit vulnerabilities. This has resulted in an increase in cyber threats across Southeast Asia.
Southeast Asia’s Cyber Threat Landscape: The Rise of Scams and Fraud
In the World Economic Forum’s Global Risk Report 2024, cyber insecurity is highlighted as one of the most critical global concerns, both in the short and long term. With the cyber threat landscape constantly evolving and becoming increasingly sophisticated, Southeast Asia is not spared from this growing risk.
Countries in the region have felt the impact of cyber threats, with the average cost of a data breach hitting a record high of US$3.05 million in 2023, marking a 6% increase from the previous year. During the same period, cyber extortion—including ransomware and distributed denial of service (DDoS) attacks with ransom demands—has surged by 42% in the region. Southeast Asian businesses also continue to grapple with challenges like business email compromise and phishing attacks.
Alarmingly, apart from threats faced by organisations, there has been a rising trend of scams and fraud at the consumer level. In Singapore, for example, victims lost approximately US$481.4 million in 2023. Meanwhile, losses from scams and fraud account for almost 3.6% of Vietnam’s 2023 gross domestic product. Scammers and fraudsters manipulate users into sharing credentials, personal data, and even financial information, which is concerning because compromised individual information can also lead to unauthorised access to the organisations or networks those individuals are affiliated with. With remote work and bring-your-own-device arrangements becoming increasingly prevalent, the lines between individual and organisational cybersecurity continue to blur. Personal devices can also become a vulnerability for organisational cybersecurity.
Complementing Existing Initiatives: A Case for Human-Centric Capability Building
It is important to note that governments in Southeast Asia are increasingly recognising the importance of cybersecurity and building cyber capabilities across governments, the private sector, and society. There are existing key initiatives to ensure that the digital transformation of Southeast Asia remains safe, secure, and resilient.
At the national level, governments in the region have begun implementing national cybersecurity strategies and enacting data protection laws, albeit with varying degrees of coverage and implementation. On a regional scale, the Association of Southeast Asian Nations (ASEAN) adopted the Cybersecurity Cooperation Strategy (2021-2025), which acts as a roadmap for cross-border cybersecurity cooperation. Recently, ASEAN also announced the endorsement of the financial model for the regional Computer Emergency Response Team (CERT), marking a significant step towards operationalising the regional partnership and enhancing CERT capacity across ASEAN member states.
While techno-centric approaches for regional cooperation, such as safeguarding infrastructure, systems, networks, and data, are important given the varying digital development levels in Southeast Asia, there is also an opportunity to complement these efforts with human-centric approaches to cybersecurity.
The evolving nature of cyber threats, coupled with an increase in scams and fraud targeting consumers every day, underscores the importance of initiatives that aim to prioritise users. As the saying goes, in the cybersecurity triad of people, process, and technology, people are often considered the weakest link. Technology awareness and digital literacy are not the only factors in capability building; the motivations, experiences and feelings of individuals are also becoming more important to ensuring that society prevents, responds to, recovers from, and adapts to cyber risks.
Moving Forward: Possible Solutions
Southeast Asia can leverage existing initiatives to enhance the resilience of the region further. It is crucial to emphasise that human-centric cybersecurity approaches are intended to complement, and not replace, current cybersecurity development efforts. By integrating these considerations, the region can have a more holistic approach towards building cyber resilience.
- Building a cyber resilience culture through raising awareness and education.
Human-centric cybersecurity approaches begin with raising awareness to mitigate the risk of individuals falling victim to cyber threats. This is particularly critical for children and youth, who have become more exposed to digital technologies due to the rise of remote and hybrid learning in education. While spending time online can offer educational benefits, it also exposes them to risks such as phishing, fraud, and scams. Integrating cyber hygiene education into formal curricula not only raises awareness but also promotes interest in cybersecurity careers from an early age. ASEAN countries can collaborate to share best practices in developing cyber hygiene curricula.
Awareness efforts should also go beyond formal education systems. It is also important to encourage community engagement, where community champions play a crucial role in sharing best practices. These champions can come from various demographics, including women and the elderly. Building resilience is a shared responsibility and a whole-of-society approach is fundamental to advance human-centric cybersecurity.
- Designing inclusive capability development programs.
Given the diversity of the region, there is no one-size-fits-all framework that can adequately meet the specific needs of each country. As highlighted by the Cyber ASEAN project, most countries have adopted a localised and context-specific approach towards implementing globally recognised frameworks. This tailored approach is essential to ensure that capability development meets the specific needs of each jurisdiction.
Moreover, it is crucial to establish and institutionalise inclusive mechanisms for cyber policy formulation and the design of capability development programs. Beyond cyber professionals, it is important to involve and consult with diverse stakeholders such as nonprofit organisations, academics, and community leaders. This inclusive approach ensures not only that capability development and awareness campaigns align with experiences on the ground, but also that people are at the heart of cyber resilience initiatives.
- Developing capability towards human-centric cybersecurity incident response.
While the technical aspects of incident response—such as patching systems, isolating threats, and recovering data—are crucial, a holistic and human-centric approach to cyber resilience should also prioritise addressing the needs of victims affected by cyber risks. Beyond the technical impact of an attack or breach, there are significant non-technical harms including reputational damage, loss of trust, and negative mental health effects. Scams and fraud are often associated with shame, leading to underreporting.
A human-centric approach to incident response should therefore consider the psychosocial and behavioral impacts on victims. Cyber professionals, particularly those involved in responding to cyber threats, should receive training in gender and cultural sensitivity. This ensures respect for social norms and provides appropriate and effective assistance for all, including marginalised and vulnerable individuals.
This article was first published in the Global Cyber Expertise Magazine in September 2024.