The majority of business leaders globally (65 percent) and in Singapore (76 percent) are planning and implementing their information security based on compliance requirements rather than considering long-term business ambitions.
These findings were unveiled in KPMG’s 2022 Cyber Trust Insights report which surveyed 1,881 executives (largely C-Suite and Board members) from over 30 countries.
This comes despite the fact that organisations are placing advanced data and sophisticated analytics at the heart of their operations and reshaping customer experiences with innovative digital services (see Table 1), all of which are likely to introduce new cybersecurity challenges.
For instance, majority of business leaders (Global: 78 percent; Singapore: 86 percent) surveyed in KPMG’s 2022 Cyber Trust Insights indicate that artificial learning (AI) and machine learning (ML), that synergises with technologies such as IoT and 5G, raise unique cybersecurity challenges that require special attention.
Wong Loke Yeow, Partner of Cyber Advisory at KPMG in Singapore said, “Majority of businesses are expected to embrace disruptive new platforms (including Web3 and the Metaverse) within two years and, over the next three years, increasingly ramp up their investment in areas such as internet of things (IoT), edge computing and 5G.
Against this backdrop, building and protecting trust will be integral to how businesses operate and interact with stakeholders. Weaving cybersecurity into the fabric of the organisation, positioning the role of the Chief Information Security Officer (CISO) as a key executive, securing the support of leadership, and collaborating with other partners in the corporate ecosystem will be key to providing the assurance consumers desire and securing corporate reputation.”
Top factor undermining stakeholder trust is data breaches and cyber incidents
Close to half of Singapore’s business leaders (46 percent) and over one-third of business leaders globally (37 percent) also note that trust in their organisations affects profitability, can deliver growth in market share (Global: 29 percent; Singapore: 36 percent), and is critical for reputation (Global: 30 percent; Singapore: 34 percent).
Data security continues to be a key determinant of stakeholder trust in Singapore. Local business leaders said the top factor affecting trust in their organisation’s ability to protect and use data is recent data breaches or other cyber incidents (42 percent), while global business leaders cited concerns over how data is protected (36 percent). Table 2 details these factors.
Hence, many companies have made it their priority to build stakeholder trust. 8 in 10 Singapore businesses cite increasing trust across the stakeholder spectrum as the leading consideration for their cyber-risk programme.
This high value placed on providing assurance to consumers may stem in part from the accelerating growth of cybersecurity and privacy regulations globally and the repercussions of failing to meet them.
Currently, 33 percent of Singapore executives worry about corporate reporting disclosures related to cybersecurity, while 47 percent worry about their ability to meet existing or new cybersecurity regulations when activities are outsourced to digital service providers. This is compared to 34 and 36 percent of global executives respectively.
Akhilesh Tuteja, KPMG’s Cyber Security Practice Leader, commented “Each new data activity that an organization embarks on exposes them to potential vulnerabilities and risks that should be guarded against to maintain trust.
Executives are starting to acknowledge these risks – many of our respondents (78 percent) agree that new technologies [such as AI and machine learning] come with unique, and often ill-understood, cybersecurity and trust challenges. If these challenges aren’t adequately addressed, the risk to an organization can be extreme.”
The increasing emphasis placed on environmental, social and governance (ESG) goals in recent years also means that stakeholder demands for greater transparency and oversight now extend to organisations’ cybersecurity posture.
About 3 in 10 Singapore companies (28 percent) see their Chief Information Security Officer (CISO) or information security team as an integral part of their ESG team that drives a wide variety of ESG-related activities compared to 17 percent globally. As organisations recognise the growing social imperative around this topic, that proportion is expected to grow.
Nonetheless, in a separate survey of CEOs by KPMG, nearly three-quarters of organisations (72 percent) in Singapore are confident in their preparedness against a cyber-attack, higher than the 69 percent in Asia Pacific and 56 percent globally.
The Cyber Trust Insights report lends some credence to this, with companies saying that they have implemented risk modelling to quantify their cyber risk and visually report risk to the board (Global: 73 percent; Singapore: 84 percent), and that their risk modelling is based on comprehensive data on threats and vulnerabilities (Global: 67 percent; Singapore: 86 percent).
Businesses can be more proactive on cybersecurity collaborations
An area which businesses see room for improvement is being active members of a broader partnership in the ecosystems they operate in. Businesses know they do not operate in a vacuum, especially as they continue their digitalisation journey.
58 percent of Singapore companies admitted their organisation is not proactive enough in its cybersecurity collaborations, such as with professional bodies and the government, comparable to 53 percent of global companies which had the same sentiment.
Companies believe that the biggest advantage of collaborating on cyber security is the reduction in time it takes to identify data breaches (Global: 38 percent; Singapore: 44 percent) and that it allows them to better anticipate cyber-attacks (Global: 44 percent; Singapore: 36 percent).
At the same time, businesses cite understandable concerns such as revealing internal details about their security posture (Global: 36 percent; Singapore: 46 percent) and unnecessarily revealing their security weaknesses or failures (Global: 35 percent; Singapore: 36 percent) as barriers to participating in such external collaborations.