Small and medium-sized businesses (SMBs) in Singapore are exposed, under attack, and more worried about cybersecurity threats than before, a new study by Cisco shows.
According to the study, two in five (40%) SMBs in Singapore suffered a cyber incident in the past year. As a result of these incidents, 56% lost customer information to the hands of malicious actors.
However, the study shows that Singapore’s SMBs are faring better than the regional average. According to the survey, one in two SMBs across Asia Pacific suffered a cyber incident and 75% of those that suffered a cyber attack lost customer information due to the incident.
SMBs in Singapore are more apprehensive about cybersecurity risks, with 67% saying they are more worried about cybersecurity now than they were 12 months ago, and 77% saying they feel exposed to cyber threats.
However, they are not giving up. In fact, the study highlights that SMBs in Singapore are taking strategic measures like carrying out simulation exercises to improve their cybersecurity posture.
Titled Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense, the study is based on an independent, double-blinded survey of over 3,700 business and IT leaders with cybersecurity responsibilities across 14 markets in Asia Pacific, including 153 respondents in Singapore.
The survey highlighted that SMBs saw a myriad of ways in which attackers tried to infiltrate their systems. Malware attacks, which affected 79% of SMBs in Singapore, topped the charts, followed by phishing, with 70% saying they experienced such attacks in the past year.
The number one reason highlighted as the cause of these incidents was cybersecurity solutions being inadequate to detect or prevent the attack. More than half (52%) of those that suffered incidents ranked this as the top factor. Meanwhile, 31% ranked not having cybersecurity solutions as the number one reason.
These incidents are having a tangible impact on business. More than half (51%) of SMBs in Singapore that suffered cyber incidents in the past 12 months said that the financial impact of these incidents on the business was US$500,000 or more, with 11% saying that the impact was US$1 million or more.
“SMBs in Singapore have digitalized rapidly over the last 18 months, driven by the need to leverage technology to survive and thrive in this challenging environment,” said Andy Lee, Managing Director, Cisco, Singapore and Brunei. “This has in turn fueled a critical need for SMBs to ensure they have the solutions and capabilities to safeguard themselves on the cybersecurity front.
“This is because the more digital they become, the more attractive a target they are for malicious actors. While the growing cybersecurity concerns among SMBs may be seen as negative by some, it is actually an encouraging sign as it demonstrates increased levels of awareness and understanding of cyber risks, which is the first step in improving the security posture.”
Besides the loss of customer data, SMBs that suffered a cyber incident also lost employee data (51%), financial information (51%), internal emails (49%), sensitive business information (49%) and money through financial fraud (49%). In addition, 52% admitted it had a negative impact on their reputation.
Disruptions caused by cyber incidents can have serious implications for SMBs. Over nine in 10 (93%) SMBs in Singapore said that a downtime of anything more than an hour results in severe operational disruption, and 90% said it would result in loss of revenue. Further, one third of SMBs (36%) said a downtime of more than a day would result in a permanent closure of their organization.
In spite of these significant implications to business, only 8% of respondents in Singapore said they can detect a cyber incident within an hour. The number of those that are able to remediate a cyber incident within an hour is even lower at 5%.
“We are living in a world where customers seek instant gratification. They no longer have the patience for lengthy downtimes,” said Juan Huat Koo, Director, Cybersecurity, Cisco, ASEAN.
“It is critical for SMBs to be able to detect, investigate, and block or remediate any cyber incident in the shortest time possible. To be able to do that, they need the right technologies, and ensure that all the solutions they have integrate well with each other.
“This can be achieved by having a clear visibility across their userbase and entire IT infrastructure and taking a platform approach to cybersecurity.”