Study: Fewer Singapore firms report supply chain breaches

Reducing supply chain cyber risk remains a persistent problem among firms in Singapore, with more than 70% of organisations reporting an average of 3.97 breaches impacting operations this year, according to the latest report from BlueVoyant.

The report is based on data collected between August 20 and August 29, 2024, from 2,100 CISOs, COOs, CSOs, CTOs and chief procurement officers of companies based in 11 markets, including the United States, Canada, Europe and Asia-Pacific, particularly Singapore.

This year’s study indicates that organisations in Singapore are making progress in enhancing their cyber security efforts, with the data showing increasing board oversight, growing budgets, and rising third-party monitoring frequency, reflecting a positive shift compared to last year’s figures. The average of 4.42 reported breaches in 2023 has decreased to 3.97 in 2024.

Outperforming global figures, Singapore organisations also reported greater awareness, with only 24% indicating no way of knowing issues with third parties, compared to the global average of 30%. 

Showing evidence of a greater focus on monitoring vendors, Singaporean enterprises are reportedly more diligent in assessing them, with 59% doing so compared to 50% globally. Continuous visibility into third-party risks is reportedly higher at 21%, compared to 15% globally.

Findings also show that third-party monitoring is a growing priority. While Singapore respondents reportedly evaluate fewer suppliers for cyber security risk, with 43% saying they are focusing on 101-500 vendors, they are more likely to say they monitor all third parties (33% compared to 30% globally).

Further, continuous monitoring is the most common reported solution for third-party cyber security in Singapore, adopted by 30% of organisations, slightly ahead of network scanning and penetration tests (29%). Singapore’s respondents are also more inclined to report outsourcing the analysis of monitoring data (34%).

Monitoring frequency is on the rise. Organisations in Singapore are proactive in monitoring cyber security risks, with monthly assessments reportedly being the norm (28%). Senior management is reportedly mostly briefed semi-annually (27%), with a higher frequency of weekly (7%) and monthly (16%) briefings compared to global figures.

While 44% of organisations maintain periodic autonomous transparency/visibility of certain aspects of cyber risk management, 35% said they have no way of autonomously seeing the cyber risk posture of third parties and rely on self-reporting.

Further, budgets for third-party cyber risk management have increased for 90% of Singapore respondents, surpassing the global average of 86%.

In addition, firms are concerned over recent breaches. Almost 50% (47%) of Singapore organisations indicated that news of breaches over the past 12 months (e.g. MOVEit and other large supply chain cyber security breaches) is likely to lead to an increase in budget for additional internal and external resources to help protect against supply chain cyber security issues.

“Although the data demonstrates that local organisations are prioritising monitoring of third parties, supply chain breaches will continue to remain a significant concern in Singapore,” said Sumit Bansal, BlueVoyant VP in Asia Pacific and Japan. 

He said that Singaporean organisations increasingly rely on external vendors and partners to support their operations, and one weak link can expose entire networks to potential compromise.

“While challenges remain, the progress made over the past year is encouraging and reflects a deeper awareness of the importance of securing digital infrastructure and fostering closer collaboration with supply chain partners to stay resilient,” he added.

Joel Molinoff, global head of Supply Chain Defence at BlueVoyant, added that more organisations than in any previous year indicated that their primary focus is no longer on awareness of the third-party risk management problem or adoption of a program, but rather on the operational, day-to-day challenges of managing an effective program.

“While this progress also brings many new challenges, it indicates a major step in the right direction when contrasted with previous years where many organisations had poor tracking of third-party vendors, little to no leadership oversight, and virtually no collaboration when it came to remediating cyber issues,” said Molinoff.