Nine in every 10 (92%) firms in Singapore experienced a breach in the last year that they can partially attribute to a lack of cyber skills, and four-fifths attribute increased cyber risks to the skills gap, according to a report from Fortinet.
This is based on a survey conducted by Sapio Research in January 2024, covering over 1,850 IT and cybersecurity decision-makers from 29 different countries and locations. Among respondents, 30 percent are based in the Asia-Pacific region, including Singapore.
The study found that the cyber skills gap continues to impact companies worldwide.
Corporate leaders are increasingly being held accountable for cyber incidents, with 70% of respondents in Singapore noting that directors or executives have faced fines, loss of position, or loss of employment following a cyberattack.
Additionally, 65% of respondents indicated that breaches cost their organisations more than US$1 million (SG$1.3 million) in lost revenue, fines, and other expenses last year—up from 62% in the 2023 report.
As a result, executives and boards of directors increasingly prioritise cybersecurity, with 74% of respondents saying Singapore boards were more focused on security in 2023 than the previous year. And 94% of respondents say their board sees cybersecurity as a business priority.
Also, business leaders widely regard certifications as validation of cybersecurity knowledge, and those who hold a certification or work with someone who does notice clear benefits.
This year’s survey also found that, in Singapore, 94% of respondents said they prefer hiring candidates with certifications; 92% said they would pay for an employee to obtain a cybersecurity certification; and 74% indicated that it is difficult to find candidates with technology-focused certifications.
Further, companies are expanding hiring criteria to fill open roles.
The report also found that, in Singapore, 92% of respondents said their organisations have set diversity hiring goals for the next few years; and female hires in Singapore are up to 92% from 90% in 2022.
Many organisations still prefer candidates with traditional backgrounds, with 82% still requiring four-year degrees, and 42% hiring only candidates with traditional training backgrounds.
The increasing frequency of costly cyberattacks, combined with the potential of severe personal consequences for board members and directors, is resulting in an urgent push to strengthen cyber defenses across enterprises.
As a result, organisations are focusing on a three-pronged approach to cybersecurity that combines training, awareness, and technology.
First, they are helping IT and security teams obtain vital security skills by investing in training and certifications needed to achieve this goal.
Second, they are cultivating a cyber-aware frontline staff who can contribute to a more secure organization as a first line of defense.
And third, they are using effective security solutions to ensure a strong security posture.
John Maddison, chief marketing officer at Fortinet, said the results highlight the critical need for a collaborative, multi-faceted approach to closing the skills gap.
“To effectively mitigate risk and combat today’s complex threats, organisations must employ a strategic combination of leveraging the right security technology, upskilling existing security professionals through training and certifications, and fostering a cyber-aware workforce,” said Maddison.
Jess Ng, Fortinet country head in Singapore and Brunei, said a well-trained and certified cybersecurity workforce is the first line of defense against the evolving threat landscape.