A new global study by Kaspersky has found that a shortage of qualified cybersecurity professionals is one of the top barriers preventing organisations in Singapore from addressing supply chain and trusted relationship risks — even as supply chain attacks emerge as a leading threat to businesses worldwide.

Key Findings for Singapore and APAC

According to the survey, 34% of organisations in Singapore cite a lack of qualified IT security staff as a key obstacle to reducing supply chain risks. The talent gap is more acute in other APAC markets, with Vietnam at 57% and Malaysia facing a projected shortfall of over 11,000 cybersecurity professionals by 2026.

Singapore firms are also grappling with competing priorities: 47% of local respondents say their security teams are stretched across too many tasks simultaneously, leaving supply chain threats under-resourced. The country also reported an alarmingly low adoption rate of two-factor authentication at just 28% — below both the regional and global averages.

Singapore was identified as the most targeted APAC market for trusted relationship attacks, where threat actors exploit access granted to third-party vendors and contractors to infiltrate target organisations.

A Global Confidence Crisis

The study surveyed 1,714 technical and executive professionals across 16 countries. Globally, 85% of businesses acknowledge they need to upgrade their supply chain protections, with only 15% considering their current measures effective. Confidence in Singapore sits at 14%, on par with India and Indonesia but above markets like Germany (6%) and Italy (8%).

What Organisations Should Do

Kaspersky recommends a set of structural measures for organisations looking to shore up their supply chain defences, including:

• Embedding specific IT security requirements — such as regular audits and incident notification protocols — into supplier contracts
• Adopting managed detection and response services for teams that lack in-house capacity
• Consistently evaluating supplier cybersecurity postures before and after entering partnerships
• Investing in ongoing cybersecurity training to address the talent gap internally

“When security teams are overstretched, understaffed and have to prioritise urgent tasks over long-term resilience priorities, organisations are left exposed to threats that can move silently through their provider ecosystem.” — Sergey Soldatov, Head of Security Operations Centre, Kaspersky