Singapore-based organisations are making headway in managing supply chain cybersecurity risks, with fewer companies reporting breaches in 2024 compared to the previous year, according to the latest research by cyber defence company BlueVoyant.
The report, based on responses from 2,100 senior executives—including CISOs, COOs, CSOs, CTOs, and chief procurement officers—across 11 markets including the United States, Canada, Europe, and the Asia-Pacific, highlights encouraging trends in Singapore’s cyber resilience efforts.
In 2023, Singapore companies averaged 4.42 breaches affecting operations. This year, that figure has dropped to 3.97—a sign that enhanced oversight, rising budgets, and increased monitoring are beginning to yield results.
Singapore firms are also demonstrating greater awareness and control compared to global counterparts. Only 24% of respondents in Singapore said they lacked visibility into issues with third-party vendors, outperforming the global average of 30%. Similarly, 59% of Singapore organisations reported assessing vendor risks—well above the global average of 50%.
Continuous visibility into third-party risks has also improved, with 21% of respondents maintaining constant oversight, compared to just 15% globally. While Singapore companies assess fewer suppliers on average (most focusing on between 101 and 500 vendors), they are more likely to report monitoring all third-party vendors (33% vs 30% globally).
When it comes to protective strategies, continuous monitoring is now the most widely adopted method in Singapore (30%), narrowly surpassing network scanning and penetration testing (29%). Furthermore, 34% of Singaporean firms outsource the analysis of monitoring data—a sign of growing reliance on specialist partners.
Frequency of risk assessments is increasing as well. Monthly monitoring is the norm for 28% of organisations, and management briefings are becoming more regular, with 16% conducted monthly and 7% weekly. These figures mark a notable shift toward more responsive governance compared to global averages.
Still, challenges persist. While 44% of organisations claim some level of autonomous visibility into their third-party cyber risk, 35% remain dependent on self-reporting by external vendors.
Notably, 90% of Singapore firms have raised their budgets for managing third-party cyber risk—surpassing the global average of 86%. Concerns over high-profile supply chain breaches in the past year, such as the MOVEit incident, have played a significant role in motivating organisations to invest more heavily in both internal and external cyber defences. Nearly half (47%) of respondents said these incidents are likely to trigger additional funding for cybersecurity efforts.
“Although the data demonstrates that local organisations are prioritising monitoring of third parties, supply chain breaches will continue to remain a significant concern in Singapore,” said Sumit Bansal, BlueVoyant VP in Asia Pacific and Japan.
He noted that increasing reliance on external partners raises the stakes, adding, “While challenges remain, the progress made over the past year is encouraging and reflects a deeper awareness of the importance of securing digital infrastructure and fostering closer collaboration with supply chain partners to stay resilient.”
Joel Molinoff, global head of Supply Chain Defence at BlueVoyant, echoed this sentiment, highlighting a shift in focus: “While this progress also brings many new challenges, it indicates a major step in the right direction when contrasted with previous years where many organisations had poor tracking of third-party vendors, little to no leadership oversight, and virtually no collaboration when it came to remediating cyber issues.”
