More than 7 in 10 (73 percent) organisations in Singapore are unable to identify and fully protect their corporate high-value assets and processes.
Only one-third (34 percent) of companies in the republic polled have the ability needed to monitor for threats to critical parts of their business.
These findings are part of Accenture's Security Index, which surveyed 2,000 enterprise security practitioners globally -- out of which 124 are from Singapore -- and assessed their companies' ability to protect themselves from cyberattacks.
Singapore ranked sixth out of the 15 nations surveyed, with companies reporting high performance in 37 percent of the 33 cybersecurity capabilities.
Cybersecurity accountability (48 percent), Cybersecurity Architecture Approach (47 percent) and IT Risk support (45 percent) are the three areas that Singapore companies are competent in.
In terms of verticals, communication companies have the highest performance globally in 11 capabilities, including the protection and recovery of key assets (49 percent) and monitoring for business-relevant threats (47 percent).
As for banking organisations, they have highest performance in eight capabilities globally, including "what-if" threat analysis (47 percent) and third-party cybersecurity in their extended business ecosystem (44 percent).
Meanwhile, high technology companies rank highest in seven capabilities globally. This include the ability to create a security-minded culture (54 percent) and recovering from cyber incidents (48 percent).
"A turning point has been reached for cybersecurity. While organisations in Singapore, and around the world, have improved their security over the last few years, progress has not kept pace with the sophistication of highly motivated attackers," said Joshua Kennedy-White, managing director of Accenture Security and lead in Asia Pacific.
"A new approach is clearly needed. One that protects the organisation from the inside out and across the entire industry value chain-from the wellhead to the oil pump. And the start of this must be a new, more comprehensive definition of what constitutes cybersecurity success based on impact to the business," he added.
Sign up for Computerworld eNewsletters.