Businesses are embracing emerging technologies, but information security focus remains shaped by compliance requirements: KPMG’s 2022 Cyber Trust Insights
- 76 percent of Singapore business leaders admit that information security at their organisation is still shaped by compliance requirements rather than long-term business ambitions
- Top factor affecting trust for Singapore business leaders is recent data breaches or other cyber incidents (42 percent), while global business leaders are more concerned over how data is protected (36 percent).
- 8 in 10 Singapore businesses cite increasing trust across the stakeholder spectrum as the leading consideration for their cyber-risk programme, as they believe increased trust will deliver improved profitability (46 percent), growth in market share (36 percent), and enhanced business reputation (34 percent).
SINGAPORE - Media OutReach - 13 October 2022 - Majority of business leaders globally (65 percent) and in Singapore (76 percent) are planning and implementing their information security based on compliance requirements rather than considering long-term business ambitions. These findings were unveiled in KPMG's 2022 Cyber Trust Insights report which surveyed 1,881 executives (largely C-Suite and Board members) from over 30 countries.
This comes despite the fact that organisations are placing advanced data and sophisticated analytics at the heart of their operations and reshaping customer experiences with innovative digital services (see Table 1), all of which are likely to introduce new cybersecurity challenges. For instance, majority of business leaders (Global: 78 percent; Singapore: 86 percent) surveyed in KPMG's 2022 Cyber Trust Insights indicate that artificial learning (AI) and machine learning (ML), that synergises with technologies such as IoT and 5G, raise unique cybersecurity challenges that require special attention.
Wong Loke Yeow, Partner of Cyber Advisory at KPMG in Singapore said, "Majority of businesses are expected to embrace disruptive new platforms (including Web3 and the Metaverse) within two years and, over the next three years, increasingly ramp up their investment in areas such as internet of things (IoT), edge computing and 5G. Against this backdrop, building and protecting trust will be integral to how businesses operate and interact with stakeholders. Weaving cybersecurity into the fabric of the organisation, positioning the role of the Chief Information Security Officer (CISO) as a key executive, securing the support of leadership, and collaborating with other partners in the corporate ecosystem will be key to providing the assurance consumers desire and securing corporate reputation."
Table 1: Digital Experiences that Global and Singapore business leaders expect to invest in over the next three years
| Digital Experiences | Global | Singapore |
| Multi-channel integration to improve customer experience/business partners | 36% | 50% |
| Use of experience data to customise digital interactions in real time with customers/business partners | 37% | 46% |
| Open APIs providing direct access to services for customers / business partners | 28% | 32% |
| Chatbots and other AI customer interaction technologies | 28% | 32% |
| IOT devices directly interacting with customers/business partners | 29% | 28% |
| Hyper-personalised/tailored services or products | 26% | 26% |
| Greater use of self-serve channels for customers/business partners | 33% | 26% |
| Digital twins modelling and simulating aspects of the business | 24% | 24% |
| New digital channels to market | 30% | 22% |
| Use of virtual or augmented reality as interaction mode | 29% | 14% |
Top factor undermining stakeholder trust is data breaches and cyber incidents
Close to half of Singapore's business leaders (46 percent) and over one-third of business leaders globally (37 percent) also note that trust in their organisations affects profitability, can deliver growth in market share (Global: 29 percent; Singapore: 36 percent), and is critical for reputation (Global: 30 percent; Singapore: 34 percent).
Data security continues to be a key determinant of stakeholder trust in Singapore. Local business leaders said the top factor affecting trust in their organisation's ability to protect and use data is recent data breaches or other cyber incidents (42 percent), while global business leaders cited concerns over how data is protected (36 percent). Table 2 details these factors.
Hence, many companies have made it their priority to build stakeholder trust. 8 in 10 Singapore businesses cite increasing trust across the stakeholder spectrum as the leading consideration for their cyber-risk programme. This high value placed on providing assurance to consumers may stem in part from the accelerating growth of cybersecurity and privacy regulations globally and the repercussions of failing to meet them. Currently, 33 percent of Singapore executives worry about corporate reporting disclosures related to cybersecurity, while 47 percent worry about their ability to meet existing or new cybersecurity regulations when activities are outsourced to digital service providers. This is compared to 34 and 36 percent of global executives respectively.
Table 2: Factors leaders say are undermining stakeholder trust in their firm's ability to protect and use their data
| Factors undermining stakeholder trust | Global | Singapore |
| Recent data breaches or other cyber incidents | 30% | 42% |
| A lack of clarity over why data is required for a particular service and the benefits of sharing or providing data | 32% | 38% |
| Concerns over how their data is protected | 36% | 34% |
| Broader public concerns over privacy and data protection | 34% | 34% |
| Concerns over a lack of transparency around data use | 31% | 30% |
| Concerns over how their data is used or shared | 35% | 30% |
| A lack of initiatives to build trust with stakeholders | 26% | 26% |
| A lack of confidence in the governance mechanisms in place | 28% | 26% |
| Adverse publicity surrounding your organisation | 23% | 24% |
| A failure to fully compensate someone for the use of their data | 24% | 16% |
Akhilesh Tuteja, KPMG's Cyber Security Practice Leader, commented "Each new data activity that an organization embarks on exposes them to potential vulnerabilities and risks that should be guarded against to maintain trust. Executives are starting to acknowledge these risks - many of our respondents (78 percent) agree that new technologies [such as AI and machine learning] come with unique, and often ill-understood, cybersecurity and trust challenges. If these challenges aren't adequately addressed, the risk to an organization can be extreme."
The increasing emphasis placed on environmental, social and governance (ESG) goals in recent years also means that stakeholder demands for greater transparency and oversight now extend to organisations' cybersecurity posture. About 3 in 10 Singapore companies (28 percent) see their Chief Information Security Officer (CISO) or information security team as an integral part of their ESG team that drives a wide variety of ESG-related activities compared to 17 percent globally. As organisations recognise the growing social imperative around this topic, that proportion is expected to grow.
Nonetheless, in a separate survey of CEOs by KPMG, nearly three-quarters of organisations (72 percent) in Singapore are confident in their preparedness against a cyber-attack, higher than the 69 percent in Asia Pacific and 56 percent globally1. The Cyber Trust Insights report lends some credence to this, with companies saying that they have implemented risk modelling to quantify their cyber risk and visually report risk to the board (Global: 73 percent; Singapore: 84 percent), and that their risk modelling is based on comprehensive data on threats and vulnerabilities (Global: 67 percent; Singapore: 86 percent).
Businesses can be more proactive on cybersecurity collaborations
An area which businesses see room for improvement is being active members of a broader partnership in the ecosystems they operate in. Businesses know they do not operate in a vacuum, especially as they continue their digitalisation journey.
58 percent of Singapore companies admitted their organisation is not proactive enough in its cybersecurity collaborations, such as with professional bodies and the government, comparable to 53 percent of global companies which had the same sentiment. Companies believe that the biggest advantage of collaborating on cyber security is the reduction in time it takes to identify data breaches (Global: 38 percent; Singapore: 44 percent) and that it allows them to better anticipate cyber-attacks (Global: 44 percent; Singapore: 36 percent).
At the same time, businesses cite understandable concerns such as revealing internal details about their security posture (Global: 36 percent; Singapore: 46 percent) and unnecessarily revealing their security weaknesses or failures (Global: 35 percent; Singapore: 36 percent) as barriers to participating in such external collaborations.
[1]KPMG 2022 CEO Outlook
Hashtag: #KPMG
The issuer is solely responsible for the content of this announcement.
About KPMG
KPMG in Singapore is part of a global organisation of independent professional services firms providing Audit, Tax and Advisory services. We operate in 144 countries and territories with more than 236,000 partners and employees working in member firms around the world. Each KPMG firm is a legally distinct and separate entity and describes itself as such. KPMG International Limited is a private English company limited by guarantee. KPMG International Limited and its related entities do not provide services to clients.
For more information, visit kpmg.com.sg.
LinkedIn: linkedin.com/company/kpmg-singapore
