Singapore organisations are demonstrating some of the strongest third-party cyber risk management (TPRM) maturity levels globally, according to new research from BlueVoyant.
The study was conducted by independent research firm Opinion Matters, surveying 1,800 C-suite leaders worldwide, including 300 respondents from Singapore. All respondents held responsibilities in cybersecurity, supply-chain oversight, or enterprise risk across organisations with over 1,000 employees.
Findings show that Singapore leads globally with 60% of organisations surveyed reporting established or optimised TPRM programs — nearly double the Asia-Pacific average.
The findings position Singapore not only ahead of regional peers but outpacing US markets — traditionally the most mature globally.
Despite strong maturity levels, Singapore organisations continue to face significant exposure, with 93% reporting negative impacts from a supply chain related cyber breach, a sharp rise from 70% in 2024.
This increase may reflect both a growing volume of attacks and improved detection capabilities. As vendor ecosystems expand and operational dependencies deepen, the findings underscore that even the most mature programs must continue to evolve to keep pace with ongoing supply chain threats.
Key findings for Singapore show high program maturity, with 60% of organisations reporting established or optimised TPRM programs that are the highest in APAC and among the strongest globally.
There are frequent executive briefings, with 32% briefing senior leaders monthly or more, demonstrating the impact of leadership engagement, enabling faster response and stronger alignment across organisations.
There is persistent supply-chain impact, with 48% experiencing two to five breaches via third parties in the past year. Meanwhile, 36% suffered one breach.
Also, there are rising investment and outsourcing trends. Almost all (98%, up from 90% in 2024) of organisations plan to increase TPRM spending in the next 12 months. Mean\while, 45% outsource analysis of data and results from monitoring.
The study found that AI adoption is building momentum. When it comes to AI, 64% identify this technology as best suited for continuous monitoring in the next year, recognising that automation will be essential for maintaining visibility as the attack surface expands.
Further, ecosystems are expanding. Two-thirds (67%) expect their third-party networks to grow by 6%–15%. Also, 42% rely on outsourcing remediation and working with vendors on migration plans.
“As one of the leading hubs for technology and innovation in Asia, Singapore continues to set the benchmark for advanced TPRM programs,” said William Oh, head of Asia-Pacific at BlueVoyant.
“But this year’s findings show that maturity alone doesn’t guarantee protection,” said Oh. “Even with the country’s proactive approach, strong frameworks and sustained government–industry collaboration, more than 56% of organisations experienced multiple third-party breaches.
He said that the challenge has shifted from building these programs to ensuring they operate effectively day-to-day amid expanding vendor ecosystems.
“As supply chains grow more complex, tools and collaboration aren’t enough on their own. Organisations need continuous visibility into vendor risk and leadership engagement that drives real accountability,” said Oh.
“We’re seeing increased investment and strong momentum behind AI adoption, but the biggest gains come when third-party cyber risk becomes part of everyday business decisions, not just a compliance exercise,” he added. “That’s where Singapore’s most mature organisations are pulling ahead.”
