Singapore firms recognise cybersecurity importance, but not armed for it

Majority of local companies seek expert help in cybersecurity, but 56 percent do not have systems to trigger alerts of unusual activities and 40 percent do not have incident response plans.

The majority of organisations in Singapore recognise the importance of cybersecurity, but fewer are adequately prepared to deal with incidents or have the necessary response plan in place.

Some 91 percent said they sought guidance from cybersecurity experts, but 75 percent did not have dedicated IT security budgets and planning processes, according to a survey released by local security vendor Quann, and jointly conducted with IDC. The study polled 150 senior IT professionals from medium to large companies in Singapore, Hong Kong, and Malaysia. Of this, 57 were from Singapore, while 52 were from Malaysia, and 41 from Hong Kong.

Some 56 percent in Singapore did not have security intelligence systems that could trigger alerts for any unusual activities, and 54 percent did not have a security operations centre or dedicated team to monitor and respond to incidents flagged by systems.

Some 32 percent had security support only during work hours, while 25 percent had this only during the work week. Another 40 percent did not establish any incident response plans in case of cybersecurity attacks and 33 percent required all employees including the CEO to participate in awareness training.

Furthermore, 16 percent would invite executives to board meetings and involve them in risk assessment.

IDC's Asia-Pacific vice president of IT security practice, Simon Piff, said: "Not all C-suites in Asia are fully conversant with the fundamentals of a robust cybersecurity strategy and the appropriate investments. Cybersecurity investments are akin to military spending--we do it in the hope that we would never have to use the tools.

"They need to understand that this is not a business ROI (returns on investment) with immediate, visible returns. However, the consequences of not taking a proactive approach now could lead to legal disputes, customer dissatisfaction, and even loss of jobs and careers at all levels in the organisation," Piff said.

Quann's managing director Foo Siang-tse added that many companies, despite the obvious threats, were not investing enough in IT security, leaving them vulnerable. "The recent WannaCry and Petya ransomware incidents are just the tip of the iceberg. Companies need to recognise that having a comprehensive security plan, comprising detection systems, robust processes, and equipped individuals are critical in enabling them to detect threats early and mitigate their impact," Foo said.