Research about the cybersecurity landscape rarely reveals positive news. For years the story has always been that the number of cyber threats and their complexity is growing, whilst record breaking incidents of disruption and data leaks are reported. Yet amongst the usual findings, one piece of research from IDC recently jumped out at me, stating that 91 per cent of Singapore companies in the early stages of security preparedness.
This finding struck me as counter intuitive given that Singapore is an advanced economy and was recently ranked top of the International Telecommunication Union's (ITU) Global Cybersecurity Index (GCI) 2017. Despite this, IDC's research revealed that of the 150 senior IT professionals polled in Singapore:
- 56 per cent do not have security intelligence and event management systems to correlate and raise alerts for suspicious activity.
- 54 per cent do not have a security operations centre or a dedicated team to monitor, analyse and respond to cyber security incidents.
- 40 per cent do not have incident response plans to protect the companies' networks and critical data in the event of a cyberattack. Of those that do, only 33 percent of them actually practice it.
Based on these findings it suggests that getting the highest ranking in the GCI, whilst impressive on a national level, does not imply that companies in Singapore are where they need to be in terms of cybersecurity best practices.
To learn more, I spoke with Simon Piff, Vice President IT Security Practice, IDC Asia/Pacific, to discuss the root causes behind these findings and what can be done to improve the situation.
Richard Pain: Why is it that 91% of companies in Singapore are at an early stage of security preparedness?
Simon Piff: The real issue is the way most organisations address IT security issues, leaving it to the IT teams to solve the problems. The reality is that every employee is part of that risk. If the CEO and the board are not 100 per cent behind the requirements to secure their organisation from all the various types of risk, no matter what the IT team does, it's not going to be aligned to what the business is trying to achieve.
Sign up for CIO Asia eNewsletters.