Singapore SMEs’ cyber risk awareness declines: report

Fewer SMEs were affected by cyber events this year.

Cybersecurity risk awareness among small and medium-sized enterprises (SMEs) in Singapore worsened this year, with some operating without protection at all, according to a report by QBE.

This year’s QBE SME Survey for Singapore revealed less than half (47%) of SMEs in the city-state were fully informed of potential cybersecurity risks this year, markedly lower than the 57% recorded last year.

19% of businesses said they did not have any protection against cybersecurity risks, up from 9% last year.

Respondents cited malware as the top cybersecurity risk, followed by data breaches and phishing and smishing.

There were also fewer SMEs affected by cyber events this year (25%) compared to last year (38%) – a trend that might have contributed to the declining cybersecurity awareness among small businesses, according to QBE.

"This number shows how vulnerable SMEs may be to cyber risks, and underscores the need for companies to educate, upskill and protect themselves in this area,” Shun Quan Goh, underwriting head of retail SME at QBE Singapore, said. “Businesses cannot afford to be complacent about cyber security, it really is a matter of when, and not if, a cyber breach happens.”

Businesses that did have protection favoured using software solutions (59%) for their cybersecurity, while staff training (46%), dedicated cybersecurity staff (44%) and policies handling potential risks (43%) followed closely behind.

Only 38% of SMEs were insured for cybersecurity risks, though more than half (55%) expressed willingness to purchase insurance this year.

The report surveyed 605 SME business leaders in Singapore between December 2023 and January 2024.