Singapore – Only one-third of Singaporean organisations have fully implemented at least three out of five categories of measures considered “cyber essentials,” according to the recent cybersecurity health report by the nation’s cybersecurity body.
Findings of the survey revealed that businesses in the country approximately adopted 70% of the Cyber Security Agency’s five categories of cyber essentials. These include categories such as assets, secure/protect, update, backup, and respond.
Three-quarters of the individuals surveyed also expressed awareness of CSA’s national cybersecurity standards to assist organisations in prioritising cybersecurity measures for implementation.
However, it was also observed that there is insufficiency in its partial adoption, leading organisations to remain vulnerable to unnecessary cyber risks unless all essential measures are adopted.
The report further found that more than 8 out of 10 organisations experienced a cybersecurity incident in a year, with about half of them experiencing multiple incidents annually. Among the top categories of these incidents are ransomware, social engineering scams, and the exploitation of cloud misconfiguration.
Additionally, it was highlighted that these incidents consistently led to negative outcomes, with 95% of affected organisations reporting business impacts. These impacts encompass business disruption, data loss, and reputation damage.
On the other hand, a lack of knowledge and experience was the top challenge for non-adoption of cybersecurity measures, with 59% being businesses and 46% being non-profits.
The second biggest challenge identified was the belief that their organisation was unlikely to be targeted by cyberattacks. Organisations, moreover, cited challenges such as a shortage of manpower and resources, a low return on investment, and a lack of budget allocated for cybersecurity.
Talking about the report, David Koh, chief executive at the Cyber Security Agency of Singapore, said, “While organisations have put in place some measures to protect their assets, this is not sufficient, given the increasing frequency and scale of cyber threats that we are facing today.”
“Organisations should make cybersecurity a priority and take advantage of the funding support and resources available to catch up. Doing this only after an incident has happened will be much more costly,” he further added.
The report was conducted among small, medium-sized, and large organisations in between May and August of 2023 and focused on diverse cybersecurity aspects such as the frequency of cyber incidents, types of business impact experienced, and the adoption levels of cybersecurity measures.
