Challenges to taking Cyber Security Seriously in Singapore (Essay Sample)

Challenges to Instilling a Culture of taking Cyber Security Seriously in Singapore
Name
Institution
Date
Challenges to Instilling a Culture of taking Cyber Security Seriously in Singapore
Cyber-security is considered a fundamental security threat in Singapore due to high internet adoption and usage rates. According to Yu (2020), studies have shown that Singapore is more exposed to cyber-security than any other country in the Asia-Pacific. In addition, Internet usage is significantly high in Singapore, with over 75% of the population using the internet daily for six hours on average (Statista, 2020). Therefore, the adoption of a strong cybersecurity culture is of crucial importance to the country if both individuals and firms can prevent and recover from possible attacks. However, a variety of challenges make it difficult for the firms and individuals in the country to successfully adopt best practices and standards in cybersecurity, including the high cost of implementation and the continuously evolving cybersecurity landscape.
A key challenge to successfully establishing a culture of cybersecurity in the country is the lack of focus on security by major corporations. According to Vu (2016), major corporations in the country focus more on increasing their revenues and profits by rolling out new internet-based products and services but do not equally focus on the security of these products and services. As a result, some internet products and services that are used by the public have not been comprehensively checked for loopholes that attackers can exploit. Companies instead aim to solve cybersecurity problems when they occur, which creates a culture of laxity related to cybersecurity. A practical solution to this challenge is the use of partnerships between the public and private sectors, making it possible for firms to play a proactive role in creating and implementing cybersecurity standards. 
Despite detailed cybersecurity laws in the country that aim to improve the capacity of both public and private sector organizations relating to cybersecurity, the responsibility to put in place essential safeguards and response measures still primarily lies with individual organizations. According to Kok and Cheang (2019), the cybersecurity act simply provides guidelines that are supposed to be used by the firms to implement cybersecurity, meaning each organization required to comply with the requirements of the act has to make additional investments in security infrastructure and personnel. As a result, only organizations with the needed capacity in terms of resources and personnel can comply with these regulations successfully. Organizations that cannot comply as a result may ignore the possible effects of cybersecurity threats on their operations. Government policies can primarily aid private sector organizations to improve their capacity to adopt and implement cybersecurity standards. The government can, for example, provide a breakdown of crucial cybersecurity standards in a way that makes it easier for an organization to implement them without hiring external consultants. 
The absence of well-trained cybersecurity professionals is also a fundamental challenge to successfully creating a culture of taking cybersecurity seriously in Singapore. According to Simpson (2019), there is a critical global shortage of cybersecurity professionals, and Singapore is among the most adversely affected countries. This means while most organizations may recognize the importance of cybersecurity in their operations, they may be unable to hire competent people who can help them put a practical security framework to safeguard their systems. According to Chelly (2018), there is a shortage of thousands of cybersecurity professionals in the country. As a result, cybersecurity professionals are among the most highly paid IT experts in the labor force, making it difficult for small and medium-sized organizations to hire them. Training programs that focus on cybersecurity can reduce the shortage and experienced personnel and reduce the cost of complying with critical standards. For example, organizations can train their staff on different cybersecurity guidelines and apply them to their operations. This will make it easier to implement much more sophisticated security standards at a lower cost. Governments training programs dedicated to cybersecurity can also aid in reducing the shortage and increase the number of organizations that have access to skilled professionals. 
The costs and complexity of complying with security standards are also a critical challenge that prevents firms from taking cybersecurity seriously. According to Vu (2016), cybersecurity standards can be quite complicated, which makes it difficult for organizations to implement them. In some cases, organizations are not able to correctly predict the possible impacts that specific standards may have on their profitability, which makes them reluctant to implement them. According to Muresan (2018), it can costs most large organizations as much as $14 million annually to successfully comply with cybersecurity standards. Organizations whose primary focus is on profits may, as a result, find it difficult to successfully comply with all key cybersecurity standards that the government may propose. However, the cost of not complying has been determining to be higher than the cost of complying, meaning organizations that intend to maintain best practices have no choice but to incur the costs of implementation. According to Nicodemus (2020), a single cyber breach can cripple an organization's operations and lead to losses of hundreds of millions in dollars. Information campaigns that address the concerns firms may have about the cost of compliance can encourage more organizations to adopt essential standards irrespective of the cost implications. 
Cybersecurity was not historically associated with best practices in business, and as a result, most organizations are reluctant to include it in their operations immediately. According to Vu (2016), most government infrastructure was not designed with a focus on cybersecurity, which has made it difficult to successfully change them in ways that include best cybersecurity practices. Critical infrastructure in the country, such as power grids, were not originally designed with cybersecurity in mind, which makes it difficult to include it in its current state without dismantling everything and starting afresh. This slows down the speed with which cybersecurity can be implemented in public and private organizations with this rigid infrastructure that cannot be easily changed. Information campaigns that break down critical standards as relates to the different types of technologies that a firm may be using can make it easy for firms to update their security framework with best practices, even as the technologies they use change. 
Cybersecurity standards also evolve quite quickly, making it difficult for firms to change their infrastructure to match these changes. Most organizations change their equipment in phases as technology changes due to resource constraints. As a result, security standards are usually implemented in stages, which may be ineffective in creating an effective and comprehensive security environment. Additionally, both public and private sector organizations do not play a vital role in the development of cybersecurity that can be used to secure their systems. Instead, most organizations rely on ready-made solutions that other organizations develop. This makes it challenging to create a culture of cybersecurity development in the private and public sectors that can encourage small and medium-sized organizations to follow suit. According to Vu (2016), there is also an absence of solid partnerships with regional and international organizations that focus on cybersecurity, which makes it difficult for local organizations to acquire and transfer new cybersecurity technology. By taking a proactive role in developing and implementing new cybersecurity standards, leading corporations in the country can provide helpful information and guidelines to their industry peers that will make it easier for them to adopt and implement similar standards. 
Although most people in the country are aware of the need for cybersecurity, quite a few people actually take measures that