The average cost of a data breach in ASEAN countries, including Singapore, reached US$3.05 million in 2023, highlighting the financial risks associated with poor cloud security. In Singapore, cloud breaches cost businesses an average of $16 million in 2022.
A new report by Tenable reveals that businesses in Singapore and Southeast Asia are facing significant cloud security risks. The 2025 Cloud Security Risk Report highlights alarming vulnerabilities, including misconfigured storage and embedded secrets in workloads, which could lead to data breaches and regulatory repercussions.
The report indicates that 9% of analysed cloud storage resources contain restricted or confidential information. Furthermore, nearly one in ten publicly accessible storage locations holds sensitive data due to misconfigurations and weak access controls.
Even more concerning, 54% of organisations using AWS ECS task definitions have secrets embedded within them, potentially leading to full cloud environment takeovers or unauthorised crypto mining. Within AWS EC2 instances, 3.5% contain credentials embedded in user data, providing attackers with a clear path to escalate privileges.
"Secrets are the keys to the kingdom, yet many organisations are unknowingly leaving them unguarded across their cloud infrastructures," said Ari Eitan, director of cloud security research at Tenable.
"In today’s threat landscape, complacency is costly. Organisations must treat secrets with the highest level of security hygiene to prevent attackers from gaining footholds that can spiral into full-blown breaches." Ari Eitan
These findings are particularly relevant for organisations operating in regulated sectors. Singapore's Cybersecurity Act and Personal Data Protection Act (PDPA), along with the Monetary Authority of Singapore (MAS) Technology Risk Management Guidelines, impose strict data protection and cybersecurity requirements.
Similarly, Indonesia’s Personal Data Protection Law (PDP Law), Thailand’s Personal Data Protection Act (PDPA), Malaysia’s Personal Data Protection Act (PDPA), and the Philippines’ Data Privacy Act all mandate stringent data protection measures ([ASEAN Briefing], [Clym]).
Singapore is actively scaling up cloud adoption, supported by initiatives like IMDA’s Cloud Outage Incident Response (COIR) framework ([Computer Weekly]). The Tenable report underscores the need for a proactive, risk-driven security strategy.
"The cloud offers incredible agility, but without strong controls and continuous monitoring, it also opens the door to significant exposures," Eitan added. "Understanding where your sensitive data and credentials are and who can access them must now be a board-level priority."