Just 1% Singapore firms ready vs evolving cyber threats

Only one in every 100 organisations in Singapore have the “mature” level of readiness needed to be resilient against modern cybersecurity risks, according to Cisco.  

Cisco research found that companies today continue to be targeted with a variety of techniques that range from phishing and ransomware to supply chain and social engineering attacks. 

And while they are building defences against these attacks, they still struggle to defend against them, slowed down by their own overly complex security postures that are dominated by multiple point solutions.  

These challenges are compounded in today’s distributed working environments where data can be spread across limitless services, devices, applications, and users. 

However, 81% of companies still feel moderately to very confident in their ability to defend against a cyberattack with their current infrastructure. This disparity between confidence and readiness suggests that companies may have misplaced confidence in their ability to navigate the threat landscape and may not be properly assessing the true scale of the challenges they face. 

Cisco assessed the readiness of companies on five key pillars — identity intelligence, network resilience, machine trustworthiness, cloud reinforcement, and AI fortification. 

Results are based on a double-blind survey of more than 8,000 private-sector security and business leaders across 30 global markets conducted by an independent third party. 

Companies were then classified into four stages of increasing readiness — beginner, formative, progressive and mature. 

“Today’s organisations need to prioritise investments in integrated platforms and lean into AI in order to operate at machine scale and finally tip the scales in the favor of defenders,” said Jeetu Patel, EVP and general manager of security and collaboration at Cisco.

Bee Kheng Tay, president of Cisco ASEAN, said businesses in Singapore need to adopt a multi-pronged platform approach to their cyber resilience, from investing in protective cybersecurity measures to leveraging generative AI to enhance their security programs, and bridging the cybersecurity talent gap to establish a baseline of readiness across their organisation.  

Overall, the study found that in Singapore 1% of companies are ready to tackle today’s threats, with nearly three-quarters (71%) of falling into the beginner or formative stages of readiness. 

Further, 82% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. 

The cost of being unprepared can be substantial, as 49% of respondents said they experienced a cybersecurity incident in the last 12 months, and 69% of those affected said it cost them at least US$300,000.  

The traditional approach of adopting multiple cybersecurity point solutions has not delivered effective results, as 85% of respondents admitted that having multiple point solutions slowed down their team’s ability to detect, respond and recover from incidents.

This raises significant concerns as 69% of organisations said they have deployed 10 or more point solutions in their security stacks, while 27% said they have 30 or more.  

Also, 85% of companies said their employees access company platforms from unmanaged devices, and 44% of those spend at least one-fifth (20%) of their time logged onto company networks from unmanaged devices. 

Additionally, 33% reported that their employees hop between at least six networks over a week. 

Progress is being further hampered by critical talent shortages, with 90% of companies highlighting it as an issue. In fact, 43% of companies said they had more than 10 roles related to cybersecurity unfilled in their organisation at the time of the survey. 

Further, companies are aware of the challenge and are ramping up their defenses, with 99% of companies expecting to increase their cybersecurity budget in the next 12 months, and 91% of respondents saying their budgets will increase by 10% or more. 

Nearly half (46%) are also planning to significantly upgrade their IT infrastructure in the next 12 to 24 months. This is a marked increase from just 19% who planned to do so last year. 

Most prominently, organisations plan to upgrade existing solutions (66%), deploy new solutions (54%), and invest in AI-driven technologies (58%).