The top cybersecurity concerns for Singapore businesses are data leakage and data loss prevention (75 percent), according to the annual EY Global Information Security Survey (GISS), 'Path to cyber resilience: Sense, resist, react.'
Other important cybersecurity concerns include security testing for attack and penetration (70 percent), and identity and access management (65 percent).
The survey of 1,735 organisations globally -- including 20 from Singapore -- examined some of the most compelling cybersecurity issues businesses face today, EY said in a press statement on 16 January 2017.
"Over the last few years, Singapore has been driven by strong regulatory guidance in both the government and financial sectors to uplift the adoption of digital platforms as well as address the corresponding risks," said Gerry Chng, EY Asean Cyber Security Leader. "This has resulted in a comparatively matured ecosystem of regulators, businesses, customers, and service providers."
However, 85 percent of Singapore respondents say that their cybersecurity function does not fully meet their organisation's needs. The top cybersecurity threats are cyber attacks that disrupt or deface the organisation (69 percent), spam (67 percent), zero-day attacks (65 percent) and phishing (56 percent).
Vulnerabilities and obstacles remain
The survey revealed that the obstacles that Singapore respondents face with regard to their information security function are skilled sources (80 percent), budget constraints (60 percent), and lack of quality tools for managing information (25 percent).
The digital ecosystem and connection devices also pose challenges. Organisations struggle with the number of devices that are being added to their digital ecosystem.
Majority of the Singapore respondents (80 percent) are concerned about poor user awareness and behaviour around mobile devices. In addition 60 percent cited the loss of a smart device as a top risk because it would encompass both information and identity loss.
In the event of an attack that has resulted in the compromise of data, most Singapore companies recognise their responsibility to stakeholders.
Eighty percent of Singapore respondents (global 52 percent) will notify affected customers of an attack that definitely compromised data within the first week. Seventy-five percent of Singapore respondents (global 57 percent) have an agreed communications strategy or plan in place in the event of a significant attack.
Sign up for CIO Asia eNewsletters.