Most (91 percent) companies in Singapore are in the early stages of security preparedness, according to the 'Quann IT Security End User Study 2017' by research firm IDC and managed security services provider Quann.
These companies are vulnerable to cyberattacks due to significant gaps in security device deployment, cyber awareness, resources and preparedness for attacks.
More than half (56 percent) of the 150 senior IT professionals in Singapore polled said their companies do not have Security Intelligence and Event Management Systems to correlate and raise alerts for any anomalies in a timely manner.
Nearly 6 in 10 (54 percent) respondents also do not have a Security Operations Center (SOC) or a dedicated team to proactively monitor, analyse and respond to cyber security incidents that are flagged by the systems.
Besides that, the study found that most Singapore companies are not well-prepared in the event of cyberattacks. Forty percent of respondents do not have incident response plans to protect the companies' networks and critical data in the event of a cyberattack. Only 33 percent of them practise their incident response plans too.
In addition, 75 percent of the polled IT professionals said their companies do not have a dedicated IT security budget and planning process. They also do not have round-the-clock security support, with 32 percent having security support only during work hours, and a quarter (25 percent) having it only during the work week.
It was also revealed that most Singapore companies rarely engage senior leadership when formulating IT security strategies. More than nine in 10 (91 percent) consult security executives, but only 16 percent of them will invite the executives to board meetings and involve them in risk assessment.
"The findings are worrying but they don't come as a surprise. Many companies are simply not investing enough in IT security, despite the obvious threats. The lack of investment in security infrastructure, professional services and employee training makes them extremely vulnerable," said Foo Siang-tse, managing director, Quann. "Companies need to recognise that having a comprehensive security plan, comprising detection systems, robust processes and equipped individuals are critical in enabling them to detect threats early and mitigate their impact."
"Not all C-Suites in Asia are fully conversant with the fundamentals of a robust cyber security strategy and the appropriate investments. Cyber security investments are akin to military spending -- we do it in the hope that we would never have to use the tools," said Simon Piff, vice president of IDC Asia/Pacific's IT Security Practice. "They need to understand that this is not a business ROI with immediate, visible returns. However, the consequences of not taking a proactive approach now could lead to legal disputes, customer dissatisfaction, and even loss of jobs and careers at all levels in the organisation."
Sign up for CIO Asia eNewsletters.