{"id":19775,"date":"2025-12-12T01:47:00","date_gmt":"2025-12-12T01:47:00","guid":{"rendered":"https:\/\/sawahsolutions.com\/alpha\/singaporean-organisations-struggle-to-keep-ai-governance-pace-with-rapid-adoption-okta-report-reveals\/"},"modified":"2025-12-12T02:07:35","modified_gmt":"2025-12-12T02:07:35","slug":"singaporean-organisations-struggle-to-keep-ai-governance-pace-with-rapid-adoption-okta-report-reveals","status":"publish","type":"post","link":"https:\/\/sawahsolutions.com\/alpha\/singaporean-organisations-struggle-to-keep-ai-governance-pace-with-rapid-adoption-okta-report-reveals\/","title":{"rendered":"Singaporean organisations struggle to keep AI governance pace with rapid adoption, Okta report reveals"},"content":{"rendered":"

<\/p>\n

\n

A new survey highlights critical gaps in AI risk ownership and oversight among Singaporean organisations, signalling urgent need for stronger governance amid accelerating AI deployment.<\/p>\n<\/div>\n

\n

Even as Singaporean organisations move rapidly from experimentation to strategic AI use, governance and clear ownership of AI risk lag behind, according to Okta\u2019s AI Security Poll. The live poll, conducted in November at Okta\u2019s Oktane on the Road event in Singapore, found 53% of respondents say AI security risk falls to the CISO or the security function, while 25% reported no single person or function currently owns AI risk in their organisation. The survey also reported limited board engagement: half said their boards are aware of AI-related risks but only 31% reported full board oversight. [1]<\/a><\/sup>[2]<\/a><\/sup>[3]<\/a><\/sup><\/p>\n

According to the original report, visibility into AI behaviour is weak: only 31% of respondents expressed confidence in their ability to detect if an AI agent is operating outside its intended scope, and 33% do not monitor AI agent activity at all. The poll highlighted technical blind spots that raise the prospect of data leakage and uncontrolled use, naming integrations (36%) and Shadow AI or unapproved tools (33%) as prominent vulnerabilities. Alarmingly, just 8% said their identity systems are fully equipped to secure non-human identities such as AI agents, bots and service accounts. [1]<\/a><\/sup>[2]<\/a><\/sup>[3]<\/a><\/sup><\/p>\n

Okta\u2019s regional vice-president, Stephanie Barnett, framed the gap as a governance imperative, saying: “Organisations in Singapore are adopting AI at speed, which signals growing maturity in how the technology is being used. We are seeing a shift from early experimentation to responsible, strategic adoption. The next step is ensuring governance and security evolve at the same pace.” The report\u2019s authors urged organisations to treat AI agents as first-class identities within existing security and lifecycle controls. [1]<\/a><\/sup><\/p>\n

Industry data shows this concern fits a broader shift: a recent identity-security survey found 85% of organisations now consider Identity and Access Management (IAM) crucial to their cybersecurity posture, up from 79% the prior year, and that managing non-human identities presents distinct challenges such as dynamic lifespans, lack of traceable ownership and reliance on API tokens. The survey highlighted difficulty in controlling access (78%), lifecycle management (69%) and limited visibility (57%) as persistent problems. Such findings underscore why security leaders increasingly view identity as central to AI risk mitigation. [4]<\/a><\/sup><\/p>\n

Other regional studies point to compounding pressures. A KnowBe4 study reported that more Singapore IT leaders rank AI among the top five defensive tools against sophisticated threats, while a Proofpoint report warned that generative AI adoption and expanding data volumes are intensifying insider and accidental data-loss risks , with employees, contractors and compromised accounts frequently cited as sources of major data loss. Together, these surveys suggest organisations face both an operational visibility problem and an expanding attack surface as AI is embedded across workflows. [5]<\/a><\/sup>[7]<\/a><\/sup><\/p>\n

The company announcement accompanying Okta\u2019s findings outlined product developments intended to address unmanaged identities and governance gaps, with new Workforce Identity Cloud capabilities designed to improve control, visibility and lifecycle management of service accounts and other non-human identities. The company claims these features will reduce risks from unmanaged identities and social engineering, though experts say adoption and board-level oversight must follow technical fixes for governance to be effective. [6]<\/a><\/sup><\/p>\n

“As AI becomes more embedded across workflows, organisations need to treat AI agents like any other and apply the same discipline to securing AI agents as they do to human users,” the report concluded, framing identity-first controls and clearer ownership as the next practical steps for organisations seeking to reconcile rapid AI adoption with resilient security and governance. [1]<\/a><\/sup><\/p>\n

\ud83d\udccc Reference Map:<\/h3>\n

##Reference Map:<\/p>\n