BlueVoyant Survey: More Than 70% of Singapore Organisations Negatively Impacted by a Supply Chain Security Breach

BlueVoyant, an industry-leading cyber defence company, today released its fifth annual global survey into supply chain cyber risk management. The Singapore results show that reducing supply chain cyber risk remains a persistent problem with more than 70% of organisations reporting an average of 3.97 breaches impacting operations this year.

This year’s BlueVoyant study indicates that organisations in Singapore are making progress in enhancing their cybersecurity efforts with the data showing increasing board oversight, growing budgets, and rising third-party monitoring frequency reflecting a positive shift compared to last year’s figures. An average of 4.42 reported breaches in 2023 now decreased to 3.97 in 2024.

Outperforming global figures, Singapore organisations also reported greater awareness, with only 24% indicating no way of knowing issues with third parties, compared to the global average of 30%. Showing evidence of a of greater focus to monitor vendors, Singaporean enterprises are reportedly more diligent in assessing vendors, with 59% doing so compared to 50% globally. Continuous visibility into third-party risks is reportedly higher at 21%, compared to 15% globally.

BlueVoyant’s Key Findings from Singapore Organisations

Among the key findings of the BlueVoyant survey as regards organisations in Singapore are as follows:

• Third-party monitoring is a growing priority. While Singapore respondents reportedly evaluate fewer suppliers for cyber security risk, with 43% saying they are focusing on 101-500 vendors, they are more likely to say they monitor all third parties (33% compared to 30% globally).
• Continuous monitoring is the most common reported solution for third-party cyber security in Singapore, adopted by 30% of organisations, slightly ahead of network scanning and penetration tests (29%). Singapore’s respondents are also more inclined to report outsourcing the analysis of monitoring data (34%).
• Monitoring frequency is on the rise. Organisations in Singapore are proactive in monitoring cyber security risks, with monthly assessments reportedly being the norm (28%). Senior management is reportedly mostly briefed semi-annually (27%), with a higher frequency of weekly (7%) and monthly (16%) briefings compared to global figures.
• While 44% or organisations maintain periodic autonomous transparency/visibility of certain aspects of cyber risk management, 35% said they have no way of autonomously seeing the cyber risk posture of third parties and rely on self-reporting.
• Budgets for third-party cyber risk management have increased for 90% of Singapore respondents, surpassing the global average of 86%.
• Concern over recent breaches. Almost 50% (47%) of Singapore organisations indicated the news of breaches over the past 12 months (ex. MOVEit and other large supply chain cyber security breaches) are likely to lead to an increase in budget for additional internal and external resources to help protect against supply chain cyber security issues.

“Although the data demonstrates that local organisations are prioritising monitoring of third parties, supply chain breaches will continue to remain a significant concern in Singapore,” said Sumit Bansal, vice President, Asia Pacific and Japan, at BlueVoyant. “As one of the most digitally advanced nations in the Asia Pacific and Japan region, Singaporean organisations increasingly rely on external vendors and partners to support their operations, and one weak link can expose entire networks to potential compromise.”

Bunsal further said: “While challenges remain, the progress made over the past year is encouraging and reflects a deeper awareness of the importance of securing digital infrastructure and foster closer collaboration with supply chain partners to stay resilient.”

Joel Molinoff, Global Head of Supply Chain Defence at BlueVoyant, added: “More organisations than any previous year indicated that their primary focus is no longer on awareness of the third-party risk management problem or adoption of a program, but rather with the operational, day-to-day challenges of managing an effective program. While this progress also brings many new challenges, it indicates a major step in the right direction when contrasted with previous years where many organisations had poor tracking of third-party vendors, little to no leadership oversight, and virtually no collaboration when it came to remediating cyber issues.”

The study was carried out by an independent market research organisation, Opinion Matters, who surveyed 2,100 -suite leaders responsible for supply chain and cyber risk management across a range of industries. To gain a global perspective, the BlueVoyant research was conducted in 11 countries across North America, Europe, and Asia Pacific.

Learn more about the full BlueVoyant report: “The State of Supply Chain Defence: Annual Global Insights Report 2024,” including analysis across countries and vertical sectors.