In today’s turbulent business and geopolitical landscape, executives in Asia Pacific are juggling growth, efficiency, and resilience while navigating shifting trade policies and economic uncertainty. These pressures are driving up costs, complicating global supply chains, and limiting market access. Yet, amid this high-stakes environment, one critical element is too often overlooked: cybersecurity.

The reluctance to prioritize cybersecurity in the region isn’t born of ignorance. In fact, it’s sometimes quite the opposite. Some leaders may unconsciously downplay or avoid fully confronting the scope of their cybersecurity vulnerabilities, given competing priorities and the perceived high investment and commitment required. Others may delegate responsibilities to security teams, assuming that critical issues will be flagged. But a defensive cybersecurity strategy isn’t enough. This elevates business risk and can leave organizations exposed.

And, as revealed in the 2024 Gigamon Hybrid Cloud Security Survey, organizations are not prepared for today’s evolving threat landscape. In fact, in the last year, more than half (51%) of security teams in Singapore failed to detect a data breach using their existing tools. Of those that did, nearly 1 in 3 could not determine the root cause of the breach.

These sobering statistics underscore the critical gaps in cybersecurity readiness. While Singapore has continued to make progress, with amendments to the Cybersecurity Act to strengthen cyber defenses, alongside initiatives to train board directors to combat and recover from cyber threats and ransomware attacks, significant vulnerabilities remain.

The Cyber Security Agency’s 2023 report reveals that local organizations have only achieved a 70 percent adoption rate for essential cybersecurity measures, highlighting persistent risks. This emphasizes the urgent need for businesses to move beyond compliance and adopt a proactive, security-first mindset to address emerging threats in real-time.

Furthermore, until every boardroom understands that cyber risk is equally a business risk, we will continue to see these catastrophic consequences of a fragile global network infrastructure rooted in defensive security postures and protocols.

To help overcome these shortcomings, here are five essential tips C-level executives, their boards and our nation’s leaders should consider immediately:

1. CISOs belong in the boardroom

88 percent of security leaders in Singapore agree that cloud security is a priority for the board, emphasizing the growing acknowledgment of the CISO’s role in driving an organization’s security posture. Notably, cybersecurity has already gained traction in Singapore’s boardroom discussions. In 2024, it was revealed that 81 percent of CISOs in Singapore say their boards align with them on cybersecurity matters, up from 60 percent in 2023. This underlines the growing acknowledgment of cybersecurity as a critical business priority at the highest levels of corporate governance. However, despite this progress, nearly half of boardrooms still lack robust CISO and C-suite relationships.

2. Never work in silos

To spark intellectual debates that keep business priorities and risks front and centre, it is essential that the CIO, CISO, and CTO report to the same leader. After all, while CIOs and CTOs are laser-focused on boosting efficiency and streamlining operations, they may spread the workload across hybrid and multi-cloud environments—complicating the organization’s security posture, and leaving CISOs to grapple with widening gaps.

When CISOs, CIOs, and CTOs work in lockstep with one another and report to the same leader—typically the CEO—organizations benefit from a unified perspective. In APAC, for example, 35 percent of CISOs in Hong Kong and Singapore now report directly to the CEO, ensuring that key stakeholders can make well-informed decisions with cybersecurity leadership at the table.

3. It takes a village

Staying ahead of threat actors takes a village; therefore, it’s important to consider a subcommittee of the board that is responsible for the organization’s overall security posture. This empowers the board to bring outside expertise in for independent assessments. This doesn’t mean the CISO and their capabilities are in question but rather demonstrates an understanding that the responsibility of an organization can’t fall to one individual.

4. Enhancing basic regulatory standards

Singapore has made great strides in strengthening cybersecurity regulations, but as the threat landscape continues to evolve, adversaries will constantly find new ways to exploit vulnerabilities.

While progress has been made in both education and regulation, companies must remain proactive to stay ahead. Enhanced regulatory standards could help by requiring businesses to disclose their compliance, enabling consumers to make more informed decisions about their data privacy and who they choose to do business with.

5. You can’t secure what you can’t see

When it comes to network security, the focus has always been on locking the doors and keeping an eye on who comes and goes—what’s known as “North-South” traffic. But what about what’s happening inside? Who’s watching the hallways and side doors—the “East-West” traffic? If someone were quietly moving between servers, devices, or applications, would organizations even know?

In Singapore, 78 percent of Security and IT leaders say East-West visibility is a bigger priority than North-South, yet less than half (47%) feel confident in detecting threats within it. And as cloud computing and microservices drive more internal activity, East-West traffic now accounts for the majority of data movement in data centers—creating blind spots attackers love to exploit. In fact, research shows that up to 80 percent of breaches come from undetected lateral movements, where threats spread quietly between systems before anyone realizes what’s happening.

With the Asia Pacific region facing an alarming average of 2,510 cyberattacks per week in just the second quarter of 2024, it’s evident that we are losing ground against cybercriminals. The region has seen examples of hackers bypassing traditional perimeter defenses—such as Volt Typhoon targeting Singapore’s Singtel as part of a global campaign and the National Data Centre Ransomware Attack in Indonesia, which crippled government services and demanded a ransom of $8 million.

Whether or not regulatory mandates are put into effect, organizations need visibility into all network traffic—north-south and east-west—minimizing the risk of making the front page for all the wrong reasons.

When will we collectively take a step back to acknowledge cybersecurity’s biggest barriers and shortcomings? There is only so much we can control, but by implementing the tips above, partners, customers, board members, and shareholders can rest assured they’ve done all they can to reduce business risk and ensure the long-term success of their organization.

#Cybersecurity #BusinessRisk #CloudSecurity #DataProtection #CyberThreats