Are boardroom executives gambling with cyber security?

A steady stream of high profile hacks and infocomm-related failures over the past few months in Singapore should leave little doubt about the importance of robust cyber-defence for businesses and individuals. Changing work patterns such as Bring Your Own Device (BYOD), Big Data and Cloud technologies represent new threats to cyber security. Companies looking to safeguard their assets and employee data are facing an increasing severity of threats from different quarters. 

Though many companies have already implemented some sort of  I.T security policies and best practices, it is critical for cyber security to be firmly entrenched on the radar of board-room executives and to be in line with the overall technology strategy of the business. 

Singapore is lagging behind

The average cost of security breaches has never been higher, with several individual breaches costing organisations more than S$2 million. New research from BT reveals that 70per cent of business I.T leaders in Singapore view hactivism and malicious insider threats as a severe risk to their organisation. 

The study, which assessed attitudes to cyber security and levels of preparedness among IT decision makers across seven countries suggests that Singapore is lagging behind its US and European counterparts in crucial areas. For example, only one in three (34 per cent) of organisations in Singapore are able to measure the return on investment (ROI) of their cyber security measures, compared to nine in 10 (90 per cent) in the US and 68 per cent in Hong Kong.

Furthermore, Singapore businesses seem to face greater challenges than those from other countries, with 80per cent viewing the prevention of data leakage accidentally or intentionally by employees as a continuous challenge compared to 66per cent globally and 74per cent in Hong Kong.

Despite this sobering outlook on the cybersecurity landscape here, board-level executives do not appear to be taking this threat seriously enough, with more than half of IT decision-makers globally stating that their boards underestimate the importance of cyber security. The situation in Singapore is similar, with only 34per cent of respondents stating that their CEO regards protection against cyber-attack as an absolute priority. 

Implications for businesses

The research throws some light onto the changing threat landscape and the challenge this poses for organisations globally. It should also serve as a warning to organisations that the risks to business are moving too fast for a purely reactive security approach to be successful. 

The massive expansion of employee-owned devices, cloud computing and extranets have multiplied the risk of abuse and attack, leaving organisations exposed to a myriad of internal and external threats – malicious and accidental.

In response to such emerging threats, the vast majority of IT decision makers globally and in Singapore say that they would like to overhaul their infrastructure and design them with security features from the ground up. Eighty per cent of Singapore I.T leaders have plans in place to train all staff in cyber security best practices, many say they will be engaging an external vendor to monitor the system and prevent attacks.

Both of these measures require a re-education of the business and its practices, though a complete overhaul is a more severe and expensive reaction. Implementing cyber security training is a less disruptive and more feasible answer, which explains its popularity.

These are encouraging signs but it remains to be seen whether board level executives will take notice of the emerging threat that cyber security poses. Cyber security should not be seen as an issue for the IT department alone. As the threat landscape continues to evolve, CEOs and board level executives need to invest in cyber security and develop enterprise frameworks and architectures for detecting cyber threats and preparing a robust incident response. 

It is essential for companies looking to boost their cyber defences to engage a reliable partner with the best of breed portfolio, intelligence services plus dedicated subject matter experts to help them put the right security measures in place to mitigate cyber threats. At BT we aim to help our customers identify and understand the risks and vulnerabilities as well as their critical assets. 

Security needs to be incorporated into the very DNA of every organisation and regarded as a priority, because the stakes and costs are too high for cyber security to be pushed to the bottom of the pile. Adopting tight cyber security strategies should not be overlooked in 2014 and beyond, and it should play a key factor in boardroom plans for long-term growth and success moving forward.

Kevin Taylor is president, Asia, Middle East and Africa, BT Global Services