Only 2 in 10 Singapore board members feel prepared for a cyber attack despite most agreeing their organisation has adequately invested in cybersecurity

SINGAPORE, 6 September, 2023 – Proofpoint, Inc., a leading cybersecurity and compliance company, today released its second annual Cybersecurity: The 2023 Board Perspective report, which explores board of directors’ views on the global threat landscape, cybersecurity priorities, and relationships with Chief Information Security Officers (CISOs). The findings reveal that 89% of board members in Singapore believe they are at risk of a material cyber attack in 2023, a notable increase from 66% last year and higher than the global average of 73%. Paradoxically, Singapore board members rank last amongst surveyed countries in terms of feeling prepared to cope with a cyber attack despite ranking first in agreeing their organisation has adequately invested in cybersecurity.

This year-over-year change may reflect the ongoing volatility of the threat landscape, including lingering geopolitical tensions and rises in disruptive ransomware and supply chain attacks. The emerging risk of artificial intelligence (AI) tools such as ChatGPT may also be contributing to these sentiments: 78% of Singapore board members believe generative AI is a security risk for their organisation, significantly higher than the global average of 59%.

The Cybersecurity: The 2023 Board Perspective report examines global, third-party survey responses from 659 board members at organisations with 5,000 or more employees across different industries. In June 2023, more than 50 board directors were surveyed in each market from 12 countries¹.

According to the report, boards and CISOs in Singapore have different concerns about the biggest cyber threats to their organisation. Boards ranked malware (43%), ransomware (41%), insider threat (40%), and supply chain attacks (40%) as their top concerns, while CISOs view insider threat (35%), cloud account compromise (35%), and email fraud/business email compromise (32%) as the most worrying. Boards and CISOs are also still not entirely aligned: while both understand human error is a big risk, boards are much more confident in their organisation’s ability to protect data (86%) compared to CISOs (68%).

Yvette Lejins, Resident CISO, Asia Pacific and Japan at Proofpoint, said: “It is encouraging that boards and CISOs are generally more aligned when they do interact. However, now is not the time to grow complacent. As insider threats and supply chain attacks have become increasingly costly, it is important that organisations remain vigilant and take the necessary steps to break the attack chain by protecting their employees and defending sensitive data."

The report also compares the board’s alignment with CISOs based on the sentiments uncovered in Proofpoint’s 2023 Voice of the CISO report released in May this year.

“The newfound alignment between board members and their CISOs on cyber risk and preparedness is a positive sign that the two sides are working closer together and making progress. However, this growing alliance hasn’t yet delivered significant changes in cybersecurity posture,” said Ryan Kalember, Executive Vice President of Cybersecurity Strategy at Proofpoint. “Our findings show that it remains a challenge to translate increased awareness into effective cybersecurity strategies that protect people and data. Boards must continue to invest heavily in improving preparedness and organisational resilience, which means pushing for even deeper, more productive conversations with CISOs to ensure directors are making informed, strategic decisions that drive positive outcomes.”

Key Singapore findings from Proofpoint’s Cybersecurity: The 2023 Board Perspective report include:

• Generative AI has most of the boardroom’s attention: with tools such as ChatGPT getting much of the spotlight in recent months, 78% of surveyed Singaporean board directors view this emerging technology as a security risk to their organisation.
• Year-over-year comparison shows Singaporean board members are much more concerned about cyber risk: 89% of those surveyed feel their organisation is at risk of a material cyber attack, compared to 66% in 2022.
• Awareness and funding do not translate into preparedness: 79% of Singaporean board directors agree that cybersecurity is a priority for their board, 89% believe their board clearly understands the cyber risks they face, 86% think they have adequately invested in cybersecurity, and 97% believe their cybersecurity budget will increase over the next 12 months. However, 81% still view their organisation as unprepared to cope with a cyber attack.
• Board members and CISOs have different concerns about their biggest threats: Singaporean board members ranked malware (43%), ransomware (41%), insider threat (40%), and supply chain attacks (40%) as their top concerns. This is mostly different from CISOs’ top concerns of insider threat (35%), cloud account compromise (35%), and email fraud/BEC (32%).
• Directors are not aligned with CISOs in the areas of people risk and data protection: while most Singaporean board directors (68%) and CISOs (59%) agree that human error is their biggest risk, board members are much more confident in their organisation’s ability to protect data—86% of directors share this view, compared to 68% of CISOs.
• Improved security awareness and culture, bigger budgets, and additional cyber resources top boardrooms’ wish lists: 44% of Singaporean board directors said their organisation’s cybersecurity would benefit from improved security awareness and culture amongst employees, 43% would like to see a greater cybersecurity budget, and 38% would like additional cyber resources.
• Board-CISO interactions and relationships are improving: 59% of Singaporean board directors say they interact with security leaders regularly. While a significant increase from last year’s 37%, it still leaves nearly half of all boardrooms without strong CISO-C-suite relationships. Board members and CISOs are generally aligned when they do interact, however, with 76% of board members saying they see eye-to-eye with their CISO and 60% of CISOs agreeing.
• Personal liability is much more of a concern for boards than CISOs: 76% of Singaporean board directors expressed concern about personal liability in the wake of a cybersecurity incident at their own organisation, while only 56% of CISOs agree.

To download Cybersecurity: The 2023 Board Perspective report, please visit: https://www.proofpoint.com/au/resources/white-papers/board-perspective-report

For more insights, research, trends, resources, events, and other CISO-level content, visit Proofpoint’s CISO Hub at www.proofpoint.com/au/ciso-hub.

####

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com.

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube 

###

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

¹Countries surveyed: US, Canada, UK, France, Germany, Italy, Spain, Australia, Singapore, Japan, Brazil, and Mexico.