Cybersecurity has become a central concern for businesses in Singapore, with 55% of leaders naming major cyber-attacks as the greatest existential threat they face. This growing anxiety reflects the rising scale and complexity of cyber incidents that can disrupt operations, compromise customer data, and result in severe financial and reputational damage.
Yet, there is a striking gap between awareness and readiness. According to BT’s Cyber Agile Organisation report, only 15% of Singaporean business leaders believe their current cybersecurity strategy is strategic and agile. The report surveyed 2,500 C-suite executives globally, including respondents across Singapore, and uncovered key differences between high-performing organisations and those still lagging in their cyber maturity.
Rodney Kinchington, Regional Managing Director for BT Business in Asia-Pacific, Middle East, and Africa, shares insights on where Singaporean businesses are falling short and what they must do to close the gap. The findings suggest that organisations must stop viewing cybersecurity as a siloed IT function and start embedding it across leadership, operations, and innovation strategies.
The state of cybersecurity readiness in Singapore
Despite significant concern among business leaders, most organisations remain reactive rather than resilient in their cybersecurity posture. While 63% of leaders say cyber threats keep them awake at night, only 40% report having what they consider an “enhanced strategy”. However, even that often reflects compliance-based checklists rather than adaptive frameworks capable of responding to modern threats.
A common issue is the fragmented way cybersecurity is handled within organisations. When confined to IT departments and excluded from broader decision-making, security teams are left responding to attacks rather than anticipating them. This lack of integration stifles agility and slows down responses to fast-evolving threats like ransomware or supply chain compromises.
Today’s digital environments further complicate the adoption of the problem; remote work and increasingly interconnected supply chains have dramatically increased the number of potential vulnerabilities. Many businesses struggle with blind spots across their networks, particularly in multi-cloud setups where visibility is difficult to maintain.
Connectivity—defined in the report as an organisation’s ability to monitor and secure its infrastructure—emerged as one of the weakest links. Without complete, real-time insight into metrics such as latency, jitter, or packet loss, businesses can’t detect risks early or mitigate issues before they escalate.
Budget is another barrier. Despite the rising cost of breaches, cybersecurity still receives just 10% of overall IT budgets in many organisations. This limits investment in modern tools like AI-driven threat detection and incident response automation. On top of that, legacy systems and internal resistance to change continue to prevent businesses from moving towards more adaptive architectures such as Zero Trust.
To shift from reactive to resilient, cybersecurity must be treated not as a cost to manage but as a strategic enabler that protects operations and supports growth in a digital-first economy. As Rodney puts it, “Businesses must view cybersecurity as a growth enabler, not just a cost centre.”
Cybersecurity talent shortages and organisational impact
Workforce readiness is another key issue highlighted in the report. Despite cybersecurity ranking high on leadership agendas, many organisations lack the in-house expertise to protect themselves effectively. Only 54% of Singaporean businesses have appointed a Chief Information Security Officer (CISO), and less than half employ essential cybersecurity roles such as SOC Analysts, Security Architects, or Threat Intelligence specialists.
Roles focused on emerging technologies, such as AI & Machine Learning Security Specialists, are even more challenging to fill—despite being vital to counter increasingly automated and targeted attacks. This shortage undermines the ability of businesses to build, maintain, and evolve a robust cyber defence posture.
One solution lies in workforce development. By investing in training and upskilling programmes across departments—not just IT—organisations can build a more resilient front line. Human error remains one of the most common vulnerabilities exploited in breaches, so fostering awareness across the business is essential. Employees should understand their role in protecting sensitive systems and data, acting as a ‘human firewall’.
At the same time, outsourcing key functions to managed security providers offers an immediate way to bridge internal gaps. Access to external threat intelligence, response expertise, and continuous monitoring can help maintain a strong security baseline while internal capabilities are developed.
AI and automation also offer potential relief—but only when deployed as enablers, not replacements. Automated threat detection, behavioural analysis, and rapid incident response tools can help extend the reach of overstretched teams. However, these systems must be implemented with care to ensure they support human decision-making rather than introducing new risks through blind trust. In the long term, the organisations that succeed will build a workforce where cybersecurity is second nature—embedded into culture as much as code.
How Singaporean organisations can strengthen cyber resilience
Shifting from compliance-led strategies to cyber agility means embracing technologies and practices that can adapt to evolving threats. Rather than relying solely on pre-defined policies or manual processes, organisations need systems that are dynamic, intelligent, and capable of learning from emerging risks.
One key element is the strategic use of AI and automation. These technologies can help businesses detect anomalies in real time, trigger automated responses, and reduce time to resolution. Rodney notes, “Machine learning can enable real-time threat detection, automated incident response, and anomaly detection, processing vast amounts of data at speed to identify patterns and neutralise attacks before they escalate.” They also allow teams to manage vast datasets at scale—an essential capability given the volume of signals modern systems generate.
However, these benefits rely on having the proper infrastructure in place. Many businesses still operate on rigid, legacy networks that prevent seamless integration of modern tools. Vendor lock-in, incompatible platforms, and outdated hardware all limit flexibility. By transitioning to scalable solutions like Network-as-a-Service (NaaS), organisations can improve visibility, adaptability, and integration with AI-powered defences.
Zero Trust Architecture is another priority. This approach assumes no user or device can be trusted by default and enforces continuous verification. It’s imperative in hybrid and remote work environments, where endpoints may be outside traditional perimeters.
Training remains equally critical as well. As threat actors use AI to launch increasingly convincing phishing and social engineering attacks, employee awareness must evolve in tandem. Ongoing education, real-world simulations, and transparent reporting protocols help ensure that the human layer of defence is not neglected.
Singapore’s strong regulatory environment also presents an advantage. Organisations that stay ahead of compliance—aligning early with best practices—gain legal security, customer trust, and operational efficiency. Cyber resilience is about preventing attacks and also enabling long-term success in an interconnected, digital-first world.
The role of BT in supporting businesses against cyber threats
BT plays a crucial role in helping organisations build resilience through a proactive, integrated approach to cybersecurity. Rather than treating security as an add-on, BT embeds it directly into digital infrastructure—supporting businesses with end-to-end visibility, threat detection, and adaptive defences across distributed environments.
For example, software-defined routing allows organisations to manage data flows intelligently across regions, supporting both performance optimisation and compliance with increasingly complex data sovereignty laws. As organisations face growing regulatory scrutiny across Asia-Pacific and beyond, this level of control is essential.
BT’s research also identifies the traits of high-performing organisations. These companies excel across six key dimensions of cyber agility: Awareness, Compliance, Connectivity, Strategy, Skills, and Innovation. What sets them apart is not just technology—but a mindset. They integrate security into business planning, align leadership on strategic priorities, and treat cybersecurity as a platform for innovation.
Singaporean businesses can take inspiration from these examples. By ensuring cross-functional alignment, maintaining clear oversight of digital assets, and making cybersecurity a board-level priority, they can build defences that evolve in step with threats.
Looking to 2025 and beyond, the pressure will only grow. Attack surfaces are expanding, technologies are evolving rapidly, and threat actors are becoming more sophisticated. Success will depend on organisations’ ability to embed security into the heart of operations—from infrastructure and people to culture and strategy.
BT continues to support this evolution by helping businesses shift from reactive to proactive, from siloed to integrated, and from compliant to truly cyber agile.
