Most firms in Singapore pay ransoms amid data recovery shortfalls

Image by Zhu Hongzhi

Increasingly sophisticated and numerous cyberattacks are forcing most companies in Singapore as well as Malaysia to pay ransoms because they can’t recover their data and restore business processes, according to a report from Cohesity.

The research polled from 504 IT and security decision-makers, including 302 in Singapore and 202 in Malaysia, shows that companies firmly operate in a “when” not “if” reality of cyberattacks, with the majority of respondents’ organisations falling victim to a ransomware attack in the last six months. 

Almost all say the threat of cyberattacks to their industry has or will increase in 2024 and most have paid a ransom in the past 12 months.

- Advertisement -

Further, 70% of respondents said their company had been the “victim of a ransomware attack” in 2024, with 65% of Singaporean respondents saying their organisation had been victims. 

According to respondents, the cyber threat landscape is expected to get even worse in 2024, with 91% of Singapore-based respondents saying the threat of cyberattacks to their industry will increase or had increased this year, and 47% said it had or will increase by over 50%.

Respondents also revealed keeping their organisations’ cyber resilience and data security strategies up to speed with the current threat landscape is challenging, with 41% of respondents saying they do not have complete confidence in their company’s cyber resilience strategy and its ability to “address today’s escalating cyber challenges and threats.’” 

In Singapore, 92% said their company had stress-tested their “data security, data management, and data recovery processes or solutions” in the past year, with 56% testing their processes or solutions in the last six months.

Only 5% of respondents in Singapore said they could recover data and restore business processes within 24 hours.

In Singapore, 26% said their company could recover data and restore business processes within one to three days. Also, 31% said this takes four to six days and 24% said it takes one to two weeks.

Among respondents in Singapore, 13% said they need over three weeks to recover data and restore business processes.

As a result, 80% of respondents in Singapore said their company would pay a ransom to recover data and restore business processes.

Further, 59% of Singaporean respondents said their company would be willing to pay over US$1 million to recover data and restore business processes, and 16% saying their company would be willing to pay over US$5 million.

Of the 64% of Singaporean respondents who had paid a ransom in the last year, 36% paid US$500,000 or more in ransom payments, while 47% have paid a ransom(s) between US$100,000 – US$499,999. 

When asked what industries and/or sectors they think are most impacted by cyberattacks, respondents in Singapore said it was IT and Technology (57%), financial services (36%), telecommunications and media (36%), banking and wealth management (35%), government and public services (32%), hospitals and healthcare (28%), and utilities (27%).

The wide reach of AI extends to the cyber threat landscape, with 76% in Singapore saying their organisation had responded to what they believe to be AI-based cyberattacks or cyber threats in the past 12 months. 

Despite being challenged by these attacks and threats that leverage AI, 90% in Singapore said they had the “necessary AI powered solutions to counter and respond to these attacks.”