In the VUCA era characterized by Volatility, Uncertainty, Complexity, and Ambiguity, companies in developing countries face significant challenges in managing digital risks. Rapid technological advancements open new opportunities but also bring serious threats such as cyber attacks, data breaches, and privacy violations, which are becoming increasingly common. These risks require serious attention from companies aiming not just to survive but to thrive amidst the changing market dynamics.
Recent data from Cybersecurity Ventures, Ponemon Institute, and IBM Security highlight a worrying trend in increasing digital risks, with global losses from cybercrime expected to rise significantly and the average cost of recovering from a data breach reaching millions of dollars per incident. These challenges are compounded by increasingly stringent government regulations and difficulties in recruiting staff with adequate cybersecurity skills, adding to the compliance burden for companies.
In developing countries, where technological infrastructure may not be fully mature, vulnerabilities to digital risks are higher. The widespread digitization in business operations makes cyber attacks, data leaks, and privacy breaches more frequent. Therefore, managing digital risk is not just about protecting assets but also about building trust with customers and business partners. It is crucial for companies, especially in developing countries, to enhance their digital risk management efforts. This step is vital to minimize potential losses and ensure business continuity, effectively navigating the challenges of the VUCA era.
Specific Challenges in Developing Countries
The impact of digital risks on companies in developing countries during the VUCA era can be significant, affecting various operational aspects and the sustainability of businesses. Amid the rapid adoption of digital technology, these companies face unique challenges that can exacerbate the impact of digital risks:
Financial losses
Ransomware and phishing attacks pose a serious threat to companies in the digital era, capable of causing direct financial loss and halting business operations. For example, the ransomware attack on Kaseya in July 2021 highlights the potential impact of such cyber attacks. Kaseya, a company providing IT management solutions for businesses, suffered an attack by the REvil hacker group, affecting around 1,500 global companies by encrypting their data and demanding a $70 million ransom for recovery.
According to data from Sophos, a global cybersecurity company offering protection against malicious software attacks, including ransomware, the average cost of recovery from a ransomware attack in 2023 reaches $1.82 million, not including the ransom payment. For companies with annual revenues less than $10 million, the average recovery cost is $165,520, while for those with revenues over $5 billion, the average cost approaches $5 million. Furthermore, 84% of private sector organizations hit by ransomware reported revenue losses due to missed business opportunities. This data underscores the importance of effective digital risk management and investment in cybersecurity to protect company assets and operations.
Reputational Damage
Customer data breaches are not just potential security incidents that can harm users but can also cause serious damage to a company’s reputation. The incident that occurred with Tokopedia in 2020 shows the significant impact on a company. As a leading e-commerce platform in Indonesia, Tokopedia experienced a data leak affecting the personal information of 91 million user accounts, including names, emails, phone numbers, and home addresses. Consequently, not only were user data compromised, but Tokopedia’s reputation was tarnished, leading to a loss of trust from many customers. In response, Tokopedia had to issue a public apology and implement significant measures to enhance its user data security, in a strenuous effort to restore trust and repair the company’s image.
Beyond the security incident itself, a company’s reputation in developing countries can also be negatively affected by black campaigns or unsatisfied consumer reviews. In an era where social media plays a key role in spreading information, negative news about a company can quickly spread and be amplified, worsening the situation. Negative campaigns or poor reviews from consumers can accelerate the decline of a company’s reputation, which in turn can lead to decreased sales and revenue.
However, restoring reputation and regaining public trust is neither an easy nor cheap task. It requires significant investment in time and resources, both in publicity campaigns to improve the image and in enhancing digital security infrastructure, to ensure similar incidents do not recur. In many cases, the cost of restoring reputation and public trust can be far more expensive than initial prevention measures against digital security risks.
Operational Disruptions
Cyber attacks can severely impact the smooth operation of a business, whether through direct assaults on information technology (IT) infrastructure or through the dissemination of malware that disrupts systems. The effects of these attacks can be widespread, damaging productivity and halting the provision of services to customers. A concrete example occurred in November 2023, as reported by Reuters, when a disruption at Optus, Australia’s second-largest telecommunications operator, caused nearly half of the country’s population to lose internet and phone access for a day, leading to chaos in payment systems, transportation, and healthcare. This incident raised questions about the vulnerability of the nation’s core infrastructure. The disruption was first reported around 4 AM local time (1700 GMT on Tuesday), and it was not until around 5:30 PM that Optus announced services had been restored.
Approximately 10 million Australians, or 40% of the population, who are Optus customers, were unable to use their smartphones, broadband internet, or landlines for most of the day. The impact of this disruption was significant, with hospitals unable to receive phone calls, small businesses unable to process electronic payments, and train networks and ride-sharing services experiencing simultaneous disruptions in various cities.
Regulatory Compliance and Fines
Strict regulations related to data security and privacy are now being implemented in many developing countries, placing companies at great financial risk if they fail to comply with established standards. For example, the ride-hailing operator Grab was fined SG$10,000 in 2020 for failing to secure the personal details of its drivers and passengers on their mobile app. This was the fourth time in the last two years that Grab was found to have violated data protection laws. According to a written decision published on their website by the Personal Data Protection Commission (PDPC), a software update to the Grab ride-hailing app on August 30, 2019, inadvertently exposed the personal data of 21,541 GrabHitch drivers and passengers to the risk of unauthorized access. This case underscores the importance of compliance with data security regulations to avoid penalties and maintain user trust.
Resource Drain
In facing digital risks, companies require substantial investments in cybersecurity aspects, employee training, and the development and maintenance of information technology. This poses a particular challenge for companies operating in developing countries, where access to and availability of cybersecurity resources are often limited. Investments in cybersecurity not only include the purchase of sophisticated software or hardware but also cover costs for training employees to recognize and respond effectively to cyber threats. Furthermore, companies must also invest in information technology to ensure their systems are updated and protected against continually evolving attacks.
This can include regular system updates, the use of firewalls, data encryption, and other security monitoring tools. However, the costs for implementing and maintaining a secure IT infrastructure can be very high, especially for small and medium-sized enterprises that may not have sufficient funds. With limited resources, companies in developing countries often have to weigh and prioritize where they allocate their funds. Investing in cybersecurity and IT, while essential, can reduce the resources available for other growth initiatives such as market expansion, product development, or marketing initiatives. This situation creates a dilemma for many businesses, which must find a balance between protecting their digital assets and advancing their strategic company goals.
Investment Uncertainty
High digital risk is a primary factor that can influence investors’ decisions in allocating their capital. In today’s digital era, where cyber attacks and data breaches are increasingly common, a company’s digital security becomes a crucial indicator assessed by investors. High digital risk not only indicates potential direct financial losses but also signifies the possibility of long-term reputational damage that can impact the value and sustainability of the business.
Investors tend to look for safe and profitable investment opportunities with minimal risk. When a company or specific sector shows vulnerability to digital risks, it can trigger concerns about possible security incidents that could disrupt business operations, harm customers, and require significant recovery costs. Such impacts can decrease investor confidence, which in turn makes them hesitant to allocate investment capital to companies or sectors perceived as risky.
The uncertainty caused by digital risks can also make it difficult for companies to obtain funding for expansion or innovation. For startups or growing businesses, access to investment capital is crucial for growth and the development of new products or services. Without financial support from investors, companies may struggle to compete in the market, adopt new technologies, or meet customer demand.
Supply Chain Disruptions
In the current global economic context, cyber attacks impact not only the directly targeted companies but can also affect the entire cross-country supply chain. Developing countries, which often play a crucial role in the global supply chain as suppliers of raw materials, manufacturing, or processing centers, can experience significant negative impacts from disruptions caused by cyber attacks. When a cyber attack occurs on one entity within the supply chain, a domino effect can unfold.
For instance, an attack on an electronic component factory in a developing country can halt production, leading to delays in shipping components to manufacturing companies in other countries. These delays affect not only the directly involved companies but also the entire network of businesses dependent on that supply, including the automotive, technology, and consumer electronics industries. Disruptions in the supply chain can lead to increased production costs, delays in new product launches, and revenue losses for the impacted companies.
Furthermore, these disruptions can damage the reputation of companies in the eyes of consumers and investors, affecting stock values and future investments. For developing countries, whose economies often heavily rely on specific sectors or export trade, the impact of supply chain disruptions due to cyber attacks can be even broader, causing macroeconomic disturbances. This not only affects companies within the supply chain but can also disrupt employment, the country’s income from exports, and ultimately, the overall economic growth of that nation.
In the VUCA (volatility, uncertainty, complexity, and ambiguity) era, companies in developing countries face various significant digital risk challenges, ranging from ransomware and phishing attacks that cause direct financial losses, data breaches that damage reputation, to challenges in complying with increasingly strict data security regulations. The impact of digital risks is not limited to financial and reputational aspects but also disrupts business operations and causes investment uncertainty, while disruptions in the supply chain can have a domino effect that affects the macro economy of developing countries.