Singapore most exposed, but also most prepared in cybersecurity: Deloitte

March 26, 2020

Singapore faces the highest cybersecurity risk in Asia-Pacific due to its high internet adoption rate, but it also is the most prepared to deal with it in terms of policies and organisational readiness. On the other end of the spectrum, Indonesia faces the least risk exposure and also is the least prepared to handle cybersecurity incidents.

And there is value in being ready to face such threats–in fact, to the tune of an additional $145 billion to the region’s GDP over 10 years, according to Deloitte’s Cyber Smart Index. Businesses that are confident that cyber risks can be effectively managed are more willing to invest in technology, hence, improving productivity and fuelling growth in the industry.

Singapore sets up committee to review public sector data security, but stands firm on PDPA exemption

Following several breaches involving government entities, Singapore’s prime minister has assembled a committee to review data security practices in the public sector, but the government stands firm on excluding these agencies from the country’s Personal Data Protection Act.

Commissioned by VMware, the report was based on the analysis of Deloitte’s cyber consultants who assessed the level of cyber risk exposure and readiness based on several components including size of attack surface, frequency of attacks, sophistication of the legislative environment, organisational capability to respond to cyber threats, and the extent of best practices deployed in the country. The report examined 12 markets across the Asia-Pacific region, including Australia, Japan, India, Thailand, and the Philippines.

Across the board, the region scored 56 out of 100 in terms of cyber preparedness, signalling significant room for improvement.

Faced with high cyber risks, the Deloitte report noted that Singapore had rolled out a nationwide security masterplan and introduced programmes such as the Co-Innovation and Development Proof of Concept to provide seed funding and support developments in the sector. The Monetary Authority of Singapore also introduced a $30 million grant to encouraged financial services companies to enhance their security measures.

Australia, assessed to be fourth-most exposed and third-most prepared, put strong emphasis on higher education and scored particularly high on cybersecurity education and RD investment, according to Deloitte. The education sector, however, also had some of the world’s most profitable players and this was contributing to its cyber threat, noted the report, pointing to the rapid digitisation of the country’s education systems and e-learning growth. These made its education sector the most frequently targeted education domain globally, it said.

Deloitted further underlined the need for governments to look at broader governance frameworks to support their cyber strategies, encompassing elements such as risk management, training, risk culture and behaviour, as well as policies and standards for cybersecurity such as information privacy and protection.

Deloitte Access Economics in Australia’s partner John O’Mahony, who is the report’s lead author, said: “The challenge for policy makers is to build a comprehensive legislative framework and environment that protects businesses from cybersecurity risks, whilst allowing them to innovate and maximise the potential of digital technologies.

“We see interest from government, business owners, and vertical experts in building a cyber smart Asia-Pacific that we estimate can unlock as much as 0.7% or $145 billion additional GDP growth for the region over the next 10 years,” O’Mahony said.

VMware’s senior vice president and Asia-Pacific Japan general manager, Duncan Hewett, added that exposure to cyber attacks would increase as nations aimed to become digital economies. This underscored the need for them to be prepared to mitigate the risks to organisations and minimise the potential costs of an attack, he said.

Hewett said: “Based on what we have seen in the region, businesses with an established cybersecurity strategy in place have confidence to invest in new technologies which can lead to higher levels of capital investment and productivity growth.”