ESET has released a study on Small-and-Medium Businesses (SMBs) in the Asia-Pacific (APAC) region. The ESET SMB Cybersecurity Report, which surveyed over 1,400 IT professionals, revealed that despite widespread organisational confidence in cybersecurity, 65% of Singaporean SMBs were targets of breach attempts or cybersecurity incidents in the past 12 months. (smehorizon.com)

85% also agree that businesses of their size are more vulnerable to cyberattacks, compared to larger enterprises. 

Ransomware and AI-enhanced threats emerged as some of the top concerns of Singapore SMBs. 83% are concerned about the threat of ransomware and alarmingly, 88% might consider paying in the event of a ransomware attack. 89% also rank loss of data as one of the top five business implications of a cyberattack.

“Our report indicates that while SMBs have confidence in their security measures and IT expertise, most have still experienced cybersecurity incidents over the past year. This heightened vulnerability, especially compared to larger enterprises, highlights the urgent need for SMBs to strengthen their security frameworks,” said Parvinder Walia, President of Asia Pacific and Japan (APJ) for ESET.

“It is also essential for SMBs to recognise that paying cybercriminals only fuels further cybercrime. Instead, their focus should be on adopting proactive strategies to thwart potential attacks. ESET remains dedicated to empowering SMBs with cutting-edge solutions and expert guidance to enhance their cybersecurity defences and safeguard businesses from persistent threats.”

Confidence alone falls short in growing battle against cyber threats

Majority of Singapore SMBs experienced security breaches or incidents, despite expressing high levels of confidence in their security systems. 91% of Singaporean SMBs are very confident of their overall cyber resilience, but 65% experienced breach attempts or incidents in the past 12 months.

Factors impacting the risk of a cyberattack

Singapore SMBs deem the lack of employee cyber awareness and generative AI as significant factors impacting the risk of a cyberattack, at 49% and 43% respectively. 46% also view employees as a major contributing factor to a successful cyberattack.

Cybersecurity challenges Singapore SMBs faced

ESET’s study also revealed that despite high confidence in their cyber resilience, 49% rate lacking a dedicated cybersecurity team and 52% rate keeping up with the latest threats as one of the top three cybersecurity challenges. 31% cited alert fatigue as the biggest challenge.

 Fortifying defences in the aftermath of an attack

Following a breach or strong indication of a data security incident, SMBs were found to implement a variety of strategies to fortify their cybersecurity. These measures include performing comprehensive cybersecurity risk audits, enhancing cybersecurity training, deploying new cybersecurity tools, and providing internal safeguarding tips and advice.

Armed with potential safeguards in the next year

The ESET SMB Cybersecurity Report unveiled the following strategies Singaporean SMB respondents intend to employ in the next 12 months to bolster their cybersecurity defences and resilience.

• Increased investment in cybersecurity

32% anticipate a rise in cybersecurity spending over the next 12 months, with 13% of these firms expecting to do so by more than 80%. In contrast, firms in Japan and India exhibit a more aggressive approach, showing a stronger inclination toward increased cybersecurity expenditure.

• Spectrum of solution considerations in the coming year

SMBs in Singapore are planning significant cybersecurity enhancements over the next 12 months. 39% aim to deploy vulnerability and patch management, full-disk encryption, threat intelligence and cloud-based sandboxing. Additionally, 38% plan to incorporate cybersecurity insurance, and 34% will implement multi-factor authentication.

• Potential third-party outsourcing

31% currently outsource a portion of their cybersecurity responsibilities to a third-party service provider while 30% manage cybersecurity in-house and do not plan to outsource. Looking ahead, 22% intend to outsource some or all aspects of cybersecurity within the next 12 months.

ESET’s SMB Cybersecurity Report was conducted in the second half of 2023 in partnership with leading market research firm Blackbox, which aims to increase understanding of cybersecurity attitudes and state of cybersecurity practices within SMBs across the region.