Cybersecurity has become one of the toughest challenges faced by tech startups worldwide. According to Interpol’s Association of Southeast Asian Nations (ASEAN) Cyber Threat Assessment 2021, the total net cost of cybercrime globally will reach $10.5 trillion USD by 2025, representing an annual growth rate of 15%. Analysis by the Identity Theft Resource Centre (ITRC) predicted that the number of data breaches in 2021 would eclipse those from the previous year.

These trends are concerning, especially for a region undergoing a digital transformation in every sector, including in public services from the government. Google’s e-Conomy Southeast Asia (SEA) 2021 report shows that consumers have embraced the internet economy, with 60 million Southeast Asians becoming digital consumers since the COVID-19 pandemic began. Furthermore, spending and frequency of digital services usage has increased, with consumers purchasing nearly four more services than before.


Malaysia is set to emerge as the next cybersecurity hub in Southeast Asia: Report


Here are some of the obstacles facing Southeast Asia tech startups and solutions they should adopt to address cybersecurity challenges.

Rise of cybercrime in Southeast Asia

As the COVID-19 crisis accelerated, the region’s shift to a digital economy created new challenges in employee recruitment, tech talent gaps, and cyberthreats. Workers now had to do their jobs remotely, opening up viable opportunities for cybercriminals to exploit them. Training and upskilling have become essential to protect employees from falling foul to online scams and phishing emails.

Unfortunately, ASEAN was not as prepared as it should have been for nascent digital threats. For example, Vietnam’s Authority of Information Security (AIS), which operates under the Ministry of Information and Communications, reported that the country faced 3,900 cyberattacks in the first seven months of last year.

Similarly, Indonesia suffered a series of cyber hacks throughout 2021, with one proving particularly embarrassing. In October, the country’s National Cyber and Crypto Agency (BSSN), tasked with protecting the nation from cyberattacks, was hacked, and its National Malware Centre website was defaced. Other government websites also fell victim to cybercriminals, with the Prosecutor’s Office, the Department of Population and Civil Registration, the Indonesian Cabinet Secretariat (Setkab), and the COVID-19 health alert card (eHAC), to name a few, being hacked and having data compromised.

Finally, the Centre for Strategic & International Studies highlighted significant cyber incidents from last year. In the nine months to December, Southeast Asian governments suffered multiple hacks from what many experts considered as Chinese state-sponsored cyberattacks. These threats were thought to result from the territorial disputes in the South China Sea between China and the rest of Asia.

Challenges and solutions for ASEAN

ASEAN has struggled with cybersecurity because the nations have not done enough to resolve the issue together. Even though the region passed the Framework on Personal Data Protection in 2016, which sought to enhance personal data protection and guide the countries on implementing cyber safety principles, each government decides how to handle online threats.

Many countries in the region have data security and privacy laws, with Vietnam having the most comprehensive one: the Law on Cyber Information Security. Brunei Darussalam uses a Data Protection Policy to guide its leaders, while Laos’ People’s Democratic Republic (PDR) has not legislated a statute; however, the country has cybercrime and data protection laws in place.

Leaving each nation to its own solutions is not workable in the long term, especially for some countries in developing Asia that cannot afford to invest heavily in digital protections. This disjointed approach creates a disparity between the wealthier Southeast Asian nations and the developing ones in their ability to safeguard their cross-border online engagements. Additionally, the budding cyber industry lacks sufficient tech expertise, making it vulnerable to attacks in undefended digital infrastructures.

ASEAN must adopt a unified regional governance framework to solve these issues, ensuring all nations have identical data protection, cyber safety, and privacy policies. They should invest more in training cyber professionals and tech experts to defend the digital ecosystem in the region. 

Furthermore, startups should get more support from the governments to overcome the vulnerabilities of multi-vendor tech relationships.

Lastly, there should be cybersecurity exercises, online attack incident reporting, and evaluation programmes to enhance the region’s cyber readiness.

The cybersecurity challenges faced by tech startups in Southeast Asia have the potential to hurt their growth and survival. Companies lose customer data, proprietary products are exposed, and business owners become victims of theft or extortion online. It’s a crucial time for ASEAN governments to take decisive action to invest in cybersecurity and create laws and regulations that govern the digital economy.

According to Consulting and Advisory firm Gartner, companies that adopt cybersecurity mesh architecture will reduce the financial impact of cyberattacks by a 90% average. This online defense strategy provides a holistic approach, securing each device independently rather than using a single shield for the whole IT network. Southeast Asia tech startups can benefit from using this approach to limit breaches and losses of their innovative ideas and products.