Singapore, March 8, 2024 – Cybersecurity expenditures are increasing among Singaporean organisations, says a recent research by KnowBe4. Nearly eighty-seven percent of the respondents indicated that they plan to invest in cybersecurity by allocating funds in 2024. From 72% reported the year before in 2022, this represents a notable increase.
The study reveals alarming patterns in cybersecurity awareness and readiness among Singaporean enterprises, even in spite of the augmented spending. Over 50% of IT decision-makers in Singapore (up from 45% in 2022) express concern about phishing, viewing it as a major risk to their companies, and nearly 40% are worried about BEC (Business Email Compromise) (38% up from 30% in 2022 and down from 40% in 2021).
It is concerning to note that only two out of five (38%) of Singaporean IT decision makers are confident their employees can recognise phishing and BEC emails (37% in 2022 and 43% in 2021), and that (40%) of employees report any emails they believe to be suspicious (41% in 2022 and 40% in 2021). Disturbingly, less than half (45% – down from 47% in 2022 and 54% in 2021) of these decision makers believe this.
According to David Bochsler, VP of sales APAC at KnowBe4, “As one of the most interconnected countries in the world, Singapore is a prominent target for cyber-attacks and cyber-crime. The planned increase in cyber spend demonstrates that protecting organisations remains a high priority for Singaporean IT professionals. As the nation accelerates it’s digitisation efforts, there is a heightened sense of urgency to shield organisations from evolving cyber threats.”
Cybersecurity awareness training the most popular investment
Of those who are planning on spending money towards cybersecurity in 2024, the most popular area of investment is to spend funds on a cybersecurity awareness training program with ongoing and relevant content (64% – up from 56% in 2022 and 65% in 2021), followed by new cybersecurity software solutions (61% – up from 54% in 2022 and 57% in 2021), and employee policy changes related to cybersecurity (55% – same as in 2022, and 47% in 2021).
Other areas of investment include cybersecurity insurance (50% – up from 36% in 2022 and 55% in 2021), simulated phishing and social engineering for end users (49% – up from 42% in 2022 and 44% in 2021), and further investment in infrastructure (45% – up from 40% in 2022 and 55% in 2021).
“With an emphasis on spending cybersecurity funds on security awareness training, it is clear that employees’ behaviour is a major concern when it comes to cybersecurity risk. There is no one-stop solution for cyber protection. Rather, organizations should focus their efforts on ultimately creating a strong security culture,” said Bochsler.
Singaporean organisations unprepared for data breaches
Also a cause for concern, only two in five (42% – up from 37% in 2022 and down from 51% in 2021) of IT decision makers say they are confident they would know the steps they would need to take following a cyber incident or data breach in their organisation.
“Unfortunately, the prevalence of breaches has continued to increase and preparing employees to be the last line of defence for an organisation is a critical component of a strong cybersecurity programme,” warns Bochsler. “It is key for organisations throughout Singapore to adopt a holistic approach that includes building a resilient human firewall through effective training and awareness programmes.”