New study reveals that digital transformation among organizations in Singapore is hindered by cyber risks, misconceptions about cloud security, and ineffective planning and preparation for cybersecurity.

A new Forcepoint study in Singapore conducted by Frost & Sullivan has revealed that local organizations’ failure to prioritize cybersecurity is hindering their digital transformation journey. 

The study finds that most Singapore organizations (78%) didn’t think about cybersecurity before embarking on their current digital transformation projects.

Less than half of the companies surveyed (47%) conducted regular breach assessments, and more than a third of firms in Singapore (37%) have encountered a data breach.

Although the cloud is a key component of digital transformation (75% of respondents have adopted cloud), many organizations think cybersecurity is the responsibility of their cloud service provider.

“It’s clear from this study that many Singapore firms are on the back foot when it comes to enterprise cybersecurity in the borderless organization,” said Kenny Yeo, Industry Principal, APAC ICT, Frost & Sullivan. “Security leaders need to look beyond perimeter security, leverage automation, and adopt a human-centric security approach that focuses on understanding users’ behavior on the network and within applications to effectively curb attacks.”

Digital transformation hindered by cyber risks 

The study reveals a big push for digital transformation among Singapore organizations, with 94% of respondents having embarked on a digital transformation journey, adopting emerging technologies including cloud computing, mobility, internet of things and artificial intelligence/machine learning. However, most organizations, or 65% of respondents, acknowledged that they are seriously hampered in the execution of their digital transformation projects due to rising cyber-attacks. 

One of the key reasons for this is business leaders’ less mature approach of not involving cybersecurity when designing digital transformation projects. 78% of the respondents did not consider cybersecurity until after their digital transformation projects had begun.

Only 8% of Singapore organizations saw cybersecurity as a business enabler for their digital transformation needs. As much as 18% saw it primarily as a cost center. Also concerning is the fact that 70% of firms don’t involve their C-level execs while preparing for potential cybersecurity breaches.

Most organizations surveyed underestimate the impact of cybersecurity incidents on both their operations and their customers.

“Organizations today need to urgently embrace ‘secure-by-design’ into their digital transformation projects,” said Alvin Rodrigues, senior director and security strategist at Forcepoint Asia Pacific.  “They also need to better harness cybersecurity to drive business and get board-level executives more involved in risk management. There is a clear link between firms who involve their C-level execs and better breach preparedness.”

Serious misconceptions around security in the cloud

Cloud has become one of the key components which is leading digital transformation, with 75% of Singapore organizations adopting the technology.

However, 50% of respondents perceive that their cloud service provider will take full responsibility for security. Normally, security and compliance are a shared responsibility between an organization and the cloud service provider.

This serious misconception around responsibility of security in the cloud is resulting in a higher number of cyber-attacks.

Enterprises not doing enough to protect themselves against cyber incidents

The findings show that not many organizations have taken measures to protect themselves against cyber incidents, with only 47% of them performing breach assessments at least once per quarter.

This low readiness put 53% of Singapore companies at risk − either they have encountered a security incident before, or they didn’t do any checks to assess if they have been breached.

  • 37% of Singapore organizations suffered at least one cybersecurity incident in the last 12 months. 
  • Institutions in the banking, financial services, and insurance sector were the most diligent, with 62% of BFSI firms performing regular breach assessments (at least once a quarter), way more than the next highest industry (energy and utilities at 17%).

The study, however, shows cyber insurance becoming increasingly popular to deal with security breaches. 59% of organizations – especially in FSI, energy & utilities, and education – have cyber insurance in place.

Top 5 security blind spots in digital transformation

The study also reveals the impact digital transformation is having on each organization’s risk posture. As more digital technologies like cloud and mobility are built into businesses, it is opening each organization up to more threats.

Data corruption, denial of service attacks, data exfiltration, general malware infection, and insider threats emerged as the top security blind spots for Singapore organizations rolling out digital transformation.

These five incident types have high levels of business impact and long recovery times.