- Anzenix Insights
- Posts
- Prosperity Through Security
Prosperity Through Security
How investing in cybersecurity can contribute to long term business growth for enterprises in Southeast Asia
This post was authored by Thomas Glucksmann, the founder and CEO of Anzenix, a boutique cybersecurity consultancy focused on supporting organizations across the Asia Pacific.
Executive Summary
Cybersecurity is not just a cost center but a powerful driver of growth for Southeast Asian enterprises. Effective cybersecurity investments can enhance operational efficiency, boost sales, and influence investors through increased trust. This article explores how businesses can leverage cybersecurity for long-term prosperity and provides actionable strategies for implementation.
Cybersecurity Spending in the Regional Threat Environment
Recent reports paint a concerning picture of the cybersecurity situation in Southeast Asia:
In 2021, INTERPOL reported an exponential rise in cybercrime targeting organizations in the region.
A 2024 report by the UN Office on Drugs and Crime (UNODC) highlighted the increasing use of AI-driven capabilities like deepfakes by transnational organized crime groups.
According to IBM, the average cost of a data breach in Southeast Asia reached US$3.23 million in 2024.
Yet despite these alarming trends, enterprise cybersecurity spending in Southeast Asia is expected to reach only US$6.1 billion by 2026, well below the global average. This disparity may stem from the common skepticism towards cybersecurity investments we at Anzenix have often encountered among the leadership of small and medium sized enterprises (SMEs) and family owned conglomerates in the region.
Frequently we are confronted with the perception that cybersecurity is just a “cost center” with no meaningful return on investment (ROI) or impact on an enterprise’s bottom line. So whatever is the “cheapest” approach to satisfy stakeholders, such as regulators can suffice. Of course it is understandable that enterprise leaders (should) usually have bigger priorities than security, and SMEs have limited budgets to deal with the problem.
Nevertheless, since these SMEs account for more than 97% of businesses in Southeast Asia, and family owned conglomerates make up 75% of larger enterprises in the region, inadequate and ineffective cybersecurity spending may have grave consequences for regional security and economic stability.
This article aims to challenge this cost-center bias by arguing that cybersecurity can effectively contribute to enterprise growth by enhancing operational efficiency, positioning security as a unique value proposition (UVP), and improving organizational governance. I will also address the ways in which cybersecurity spending can be effectively deployed to garner compelling returns on investment rather than just advocating “throwing money at the problem”, which can be counterproductive.
Cybersecurity as a Growth Driver
Enhancing Operational Efficiency
Investing in robust cybersecurity measures can significantly improve operational efficiency by reducing the risk and impact of cyber incidents. This in turn minimizes disruptions to enterprise operations, service delivery, and product development. Not to mention the avoidance of expensive regulatory fines, ransomware payments and potential litigation, while also lowering cybersecurity insurance premiums. For instance, compliance with regulations like Singapore's Personal Data Protection Act (PDPA) can help companies avoid penalties of up to SGD 1 million, leading to long-term cost savings and potentially higher profit margins.
Positioning Security as a Unique Value Proposition (UVP)
Cybersecurity can serve as a powerful UVP to attract customers, partners, investors, and employees. Security as a UVP is industry agnostic and applies whether your enterprise is providing software, hardware or services. “Secure by design” is no longer a niche advantage but an industry expectation and is even being encouraged by governments in the region. Companies prioritizing security build stronger reputations and foster deeper trust with stakeholders. In industries like crypto asset trading, where cyber attacks are prevalent, security has become a key differentiator for exchanges and wallet providers. As a result, positioning security as a core strength can likely increase your firm’s sales revenue.
Improving Organizational Governance
Strong cybersecurity governance can positively impact how investors assess your company’s potential. Venture capitalists, private equity firms, M&A prospects, hedge funds and other public market investors are more likely to assign higher valuations to companies with a healthy cybersecurity posture compared to those lacking sufficient measures. Some investors have also argued that cybersecurity should be a key consideration within the broader ESG (environmental, social, governance) criteria in investment decisions. Even companies with a history of cyber incidents can reassure investors by documenting how they resolved past issues and improved security.
Effective Implementation Strategies
To maximize the benefits of cybersecurity investments, companies should focus on several key areas. First, fostering a security culture is crucial. This involves implementing "secure by design" as a core principle across operations, product development, and service delivery. Building and sustaining this culture requires dedicated resources for training, talent development, technologies, testing and tracking. Additionally, cybersecurity should be both a top-down and bottom-up priority with both leadership and employees taking shared responsibility for the strategy and its execution. Furthermore your firm should seek to collaborate with relevant industry, national and regional cybersecurity organizations to stay updated on the latest threats, standards and best practices.
Training
Proactive and engaging cybersecurity training to stress-test company procedures should include participation from a wide and diverse group of stakeholders. This ensures that both management and employees understand the critical role cybersecurity plays in overall operations and feel empowered as active contributors to your organization's security posture. Training also provides your teams with the confidence that they will know what to do when incidents occur thereby allowing them to focus on core value generating activities rather than dealing with crises.
Talent Development
Adjacent to training, your organization must ensure that the talent managing or executing cybersecurity programs are equipped with the necessary knowledge, skills, tools, or outsourced support to perform effectively. It is equally important that their role is respected and valued within your firm. This can be achieved by investing in technical training programs, creating internal lab environments for hands-on practice, and regularly communicating the achievements of security teams. Better resourced and supported security talent not only helps to raise operational efficiency through improved handling of incidents but also establishes a team responsible for building security as a UVP and gives investors confidence that security governance is being overseen by the right people.
Technologies
Security talent should be provided with the best technology solutions available to help them pursue a growth-oriented security approach for your company. The best does not always mean the most expensive. So security talent should work with your firm’s leadership to identify and compare both open-source and commercially available capabilities that can be used in-house or outsourced to managed security providers. Technology investment decisions should be based on how solutions provide low-friction functionality with timely and actionable information without overburdening security teams. Examples of technology-driven capabilities that can immediately add value to your company’s security posture are cyber threat intelligence (CTI) - so you can address potential attacks from outside your organization, and managed detection and response (MDR) - which focuses on monitoring your company’s IT environments for indicators of possible cyber incidents.
Testing
As an extension to deploying effective cybersecurity technologies, internal and external vulnerability assessments and possibly more rigorous penetration testing can work to address weaknesses in your firm’s IT infrastructure and applications. Fixing bugs, patching systems and software can avoid the expensive fallout of detected vulnerabilities from being exploited by cyber attackers and keep operations running smoothly as much as possible. Implementing a security bug bounty program and communicating about the results of external security audits can also contribute to building the firm’s security UVP in the mind of customers, investors and regulators.
Tracking
Measuring ROI and performance is crucial to demonstrate the value of cybersecurity investments. Firms can use business intelligence tools or outsource tracking to managed service providers to analyze data on security budgets, costs, revenues, and performance. This analysis should involve finance, procurement, security, IT, operations, and sales teams to assess both quantitative and qualitative impacts over the year. By reviewing which security investments lead to specific efficiency gains, revenue growth, or improved valuations, leaders can optimize future budget allocations and refine performance metrics. A detailed report on cybersecurity ROI, along with an executive summary, should be shared with relevant stakeholders to guide decision-making.
Top Down and Bottom Up Approach
Both leaders and employees should champion the positive impact of cybersecurity on business growth and work to drive its effective implementation. Management across departments must be actively involved in shaping security strategies, policies, procedures, and budgets, while also playing a key role in forming partnerships with vendors and hiring security personnel. Clear communication from leadership is essential to build and reinforce a strong security culture. From the bottom up, employees should take pride in the company’s security culture and be incentivized to engage in security training and uphold standards. Encouraging reminders about security hygiene and best practices among colleagues and clients can further support these efforts.
External Collaboration
Your company may also want to consider collaborating with industry bodies and government agencies responsible for cybersecurity. For example by joining relevant associations that encourage cyber threat information sharing through public-private partnerships such as the Financial Services Information Sharing and Analysis Center. Enterprise leaders and security talent can also follow cybersecurity initiatives led by ASEAN to understand in more detail how the increasingly hostile cyber threat landscape is being addressed cooperatively across the region and how your firm might be able to contribute.
Future Outlook
As we look ahead, several trends are likely to shape the cybersecurity landscape in Southeast Asia and influence your company’s perspective on cybersecurity spending. Increased regulatory pressure is expected, with governments likely to introduce stricter cybersecurity regulations, making compliance a critical business imperative. AI-driven threats and defenses will become more sophisticated, requiring your firm to stay ahead of the curve. With more businesses in the region adopting cloud technologies, securing cloud infrastructure will also become a top priority. The cybersecurity skills gap is likely to widen, making your firm’s ability to acquire and retain security talent a key challenge. Lastly, with the proliferation of Internet of Things (IoT) devices, securing interconnected systems across your enterprise or customer environment will become increasingly important.
Conclusion
By reframing cybersecurity from a cost center to a growth driver, enterprise leaders in Southeast Asia can confidently view security investments as a catalyst for long-term resilience and financial prosperity. Effective cybersecurity enhances operational efficiency, drives sales for products that are “secure by design” and strengthens governance, which builds trust with a wide range of stakeholders. When combined with a strong and collaborative security culture, proactive training, well-equipped talent, practical technology solutions, thorough testing and comprehensive tracking, these efforts not only safeguard the enterprise but also contribute to the broader economic and security landscape across the region.
As cyber threats continue to evolve, the time to act is now. We encourage all businesses, regardless of size or sector, to reassess their cybersecurity strategies and consider how they can leverage security as a competitive advantage in the cyber age.
Resources for Further Information
For country-specific cybersecurity guidance and support, please refer to the following national agencies:
Indonesia: The National Cyber and Crypto Agency (BSSN)
Philippines: The Department of Information and Communications Technology (DICT)
Singapore: The Cyber Security Agency (CSA) of Singapore
Thailand: The Ministry of Digital Economy and Society (MDES) and the National Cyber Security Agency (NCSA)
Vietnam: The Ministry of Information and Communications (MIC)
About Anzenix
Anzenix is a boutique cybersecurity and intelligence consulting firm specializing in strategic advisory and tailored managed services to enterprises and high-net worth individuals across the Asia Pacific region. Leveraging cutting-edge technologies and global expertise, we deliver high-touch, customized solutions to address complex security challenges.
If you are interested to learn more about how our cybersecurity solutions could help your organization please get in touch with us today!