CISOs in Singapore less confident than global counterparts

Adopting hybrid working policies and cloud tools have made organisations more vulnerable to cyber threats, with 44% of chief information security officers (CISOs) in Singapore reportedly seeing more targeted attacks in 2022 since enabling widespread remote working, an uptick of 13% from 2021, the latest Voice of CISO report from Proofpoint shows.

Conducted by research firm Censuswide between February 22 and March 8, the survey covered 1,400 CISOs from firms with are least 200 employees, across different industries in 14 countries. 

There were 100 respondents in each country, which included the United States, Canada, the United Kingdom, France, Germany, Italy, Spain, Sweden, the Netherlands, UAE, KSA, Australia, Japan and Singapore.

Findings show that since flexible arrangements are preferred by the majority of Singaporeans, CISOs need to be prepared to tackle new challenges around information protection in work-from-anywhere setups – especially as 53% consider human error to be their biggest cyber vulnerability. In 

Respondents in Singapore believe threat actors are likely to take advantage of the rapid adoption of cloud collaboration tools – counting cloud account compromise (such as Microsoft 365, Google Workspaces, etc.) as the second most significant threat targeting their organisation (33%). 

Also, the report showed that CISOs in Singapore have a higher risk perception (64%) than the reported global average (48%), highlighting that CISOs in Singapore are less confident about their cyber security posture than global counterparts. On the other hand, 61% of CISOs in Singapore believe that their organisation is prepared for a targeted attack in 2022.

“Overall, CISOs appear to have embraced 2022 as the calm after the storm but may be falling into a false sense of security,” said Yvette Lejins, resident CISO in APJ at Proofpoint. “With rising geopolitical tensions and increasing people-focused attacks, the same gaps of user awareness, preparation and prevention must be plugged before the cybersecurity seas grow rough once more.”

Findings from Singapore also show that employee security awareness is on the rise, but users are still not adequately skilled for the role of cyber defence. While 59% of Singapore-surveyed respondents believe employees understand their role in protecting their organisation from cyber threats, 53% of global CISOs still consider human error to be their organisation’s biggest cyber vulnerability. 

Further, recent high-profile attacks have pushed ransomware to the top of the agenda for organisations, with 52% of CISOs in Singapore revealing they had purchased cyber insurance and 48% focusing on prevention over detection and response strategies. Despite the rising stakes, however, a concerning 56% of CISOs in Singapore admit they have no ransom payment policy in place.