One of the reasons for this could be that organisations in Singapore have grown reliant on the government for providing them a secure business environment they can operate under. The Singapore government has taken the lead in establishing the foundation for building a robust cybersecurity defence structure for enterprises and individuals. For example, the government unveiled a comprehensive five-year National Cybersecurity Masterplan last year in 2013 with the aim of securing Singapore from cybercrime and developing the nation as a trusted infocomm hub by 2018. As cybersecurity takes centre stage in the government's national agenda, company leaders place it lower on the agenda, since the government appears to have it under control.
Another possible factor contributing towards this is that based on our research as you have rightly pointed out, only 34 percent of organisations in Singapore can measure the ROI of their cybersecurity measures, compared to Hong Kong's 68 percent and USA's 90 percent. Currently, few of them-18 percent-are able to regularly assess the value of not being hacked and only 18 percent of them know what it would cost to fix a breach. In order to justify beefing up cybersecurity policies and investing time and resources into training and boosting enterprise cyber defence, IT decision makers need to be able to demonstrate the business benefits of cybersecurity to their C-suite executives.
How do you see organisations in Singapore responding in the next year or so to hacktivism and malicious insider threats, particularly by tackling challenges re BYOD/T and the Cloud?
The expansive growth in the demand for cloud, mobility and bring-your-own device (BYOD) technologies has created powerful trends which demand a deeper integration of IT solutions to defend against potential security threats at the user interaction level. As enterprises continue to embrace mobility, end users demand access to the information they need, when they need it and on whatever device they choose. The rapid pace of mobile and remote working means that the security "perimeter" has moved to being everywhere and anywhere.
This trend is reflected in the fact that an overwhelming number of IT leaders regard these trends as a threat. An overwhelming 80 percent of them view preventing data leaked accidentally or intentionally by employees as posing a significant risk to business information security. It is becoming more important for employees to connect securely and safely to corporate resources regardless of where they are and what technologies they are using. Seventy percent believe that the increased use of personally owned devices is also a challenge, and 68 percent are concerned about cyberterrorism and cybercrime. Furthermore in the coming year, more than half believe that malicious insider threats and hacktivism will pose significantly more risk, indicating that organisations recognise the severity of these cyberthreats and are more likely to take action to prevent them.