Does your company lack effective cyber security and risk management?
Cyber security is a significant focus for both Singapore’s public and private sectors. With the increasing digitization of personal and sensitive information, protecting the rights and safety of clients and businesses alike has come to the forefront of corporate risk management. Unfortunately, a new study has found only a tiny number of corporates are certain their business has not experienced a cyber security breach in the past year. This week, Pacific Prime Singapore examines just where Asia-Pacific corporates are in terms of risk and compliance concerns, and what’s being done to better support cyber security.
40% of corporates unsure about cyber security breaches
According to a report from SWIFT, only 15% of enterprises surveyed could claim to have not experienced a cyber security breach in the past year. The Asia Pacific Corporate Risk and Compliance Index interviews 915 of Asia Pacific’s Top 1,000 revenue-ranked entities across 10 major economies, and found current risk management strategies in the region to be ineffective. Stella Lim, Head of Corporates, APAC, SWIFT, believes the problem arises from a lack of understanding and awareness around cyber security, as well as the issues an attack could deliver having a low importance with senior management.
In addition to understanding corporate self assessment of their current cyber risk strategies, the report also held a number of other key highlights:
- Over a third of corporates experiencing cyber breaches have reported monetary losses, while 20% highlighted a breach of client data
- Lacking standardized internal procedures to manage new risks, particularly in developing markets, leads to incidents of high data and monetary loss.
- Many need to focus on integrating risk and compliance into their business more fully, be more proactive, and improve external risk management
Malware, including spyware and ransomware, was identified with phishing as being the leading threats to cyber security in the Asia Pacific. Such attacks resulted in monetary losses for corporate businesses, a loss of client data, and, in smaller numbers, events of cyber extortion and identity theft.
When it comes to regulatory compliance, avoiding fines and penalties is the number one driver motivating the efforts of corporates in the region. Nearly four-fifths of those surveyed admitted this, while reputational risk, and improved data and informational security were what incentivized businesses to observe compliance regulation.
Corporates are shying away from their cyber security responsibility
One of the biggest challenges found in the SWIFT report is that, internally, corporates just aren’t taking the threat of cyber attacks seriously enough. More than half of corporates admitted to having no standardized internal procedure for managing newly identified risks. This was more prevalent in the countries of Taiwan and Indonesia where the number of corporates with inadequate risk and compliance governance systems was as high as 80-90%. Countries of lower risk of cyber attacks were also identified as at risk of complacency which, in such a fast developing sector, can make them more susceptible to surprise threats.
That said, Asia Pacific corporates are still talking to a range of experts for advice on risk management. These include:
- Banks (6%)
- Legal advisors, technology vendors, and specialist consultants (25-35%)
These efforts are still be let down by the fact that Chief Risk Officers are still not yet a common feature of many Asia Pacific corporates. Less than half of the Australian markets dedicate a Chief Risk Officer to deal with risk and compliance management matters, with countries like Hong Kong relegating such responsibilities to general IT departments. Without the proper structures in place to adequately deal with cyber security threats, many corporates may be leaving themselves unnecessarily open to attacks that are getting more and more sophisticated.
Cybercriminals will continue to innovate rapidly in coming years
Unfortunately for many companies, taking advantage of weak cyber security is a lucrative business for cybercriminals. The Asia Pacific has already seen a number of significant attacks impact corporates around the region, with the top risks coming from:
Criminals are expected to target high-value assets using more sophisticated and innovative ransomware variants, extorting victims by denying access to data or threatening to expose it publicly.
Corporations can be at risk of offenders encrypting their own website content. Governments in Asia have already been found victims of such acts, such as the Pakistani government websites locked by CTB-Locker ransomware.
Denial of service attacks are becoming more well known, and Singapore itself was struck after StarHub, a telecoms company and internet service provider, was attacked by a botnet of devices whose installations at customer premises were not made fully secure.
|Social media mobilization
Cyber activists and criminals are still frequently using social channels, such as Facebook and Twitter, to organize and coordinate cyber security attacks on corporations. Operation Myanmar (#OpMyanmar) was orchestrated by Bangladeshi criminals using a 12,000 member strong closed Facebook group.
|Focus on high-value targets
With an increasing number of startups and e-commerce enterprises in the Asia Pacific, cybercriminals are highly active in target potential sources for credit card and bank account detail trafficking.
|Greater stolen data to drive more savvy phishing scams
Instead of Nigerian Prince emails, internet users in the Asia Pacific may see phishing attempts become more personalized as cybercriminals use things such as social media profiles, and leaked or stolen data, to better hide their ill intentions.
Digitization means a number of wonderful and profitable opportunities for many corporates, however those same opportunities broaden for cybercriminals too. It’s important that both the private sector and governments alike consider the increased risk associated with conducting more business online.
What’s happening in Singapore to beef up cyber security?
In late September of this year, the Monetary Authority of Singapore (MAS) announced that it has established a Cyber Security Advisory Panel (CSAP). Members of this panel were recognized international experts on risk and compliance management, and includes individuals from JPMorgan Chase & Co, the London Stock Exchange Group, PricewaterhouseCoopers Risk Services, and IBM Resilient. The MAS managing director, Mr Ravi Menon, said then that strong cyber security is critical to sustaining trust and confidence, and that the panel would be invaluable in securing Singapore’s financial sector against cyber threats.
More recently, the MAS has explained it has been raising the level of expected standards for cyber security risk management, with plans to increase regulations where required to encourage threat mitigation. As a hub of digital innovation, some 20 global banks and insurers set up innovation labs in Singapore that focus on a range of future-proofing issues, such as increasing online productivity through disruptive business models, whilst accounting for the increased exposure to risk to the business.
This is good news, as it shows that corporates in Singapore remain focused on smart and responsible development of their online business. The CSAP itself has already made strong statements encouraging corporates to take more ownership of cyber risk and compliance issues, stating that boards of financial institutions should their raise standards in terms of effective oversight of cyber risk management.
Securing yourself against significant disruption from cyber security attacks
The bad news is that cyber security attacks can come seemingly from out of nowhere. Whilst every business’ goal is to make a profit, it’s making big profits that can make you stick out and paint a target on your back. In Singapore and the Asia Pacific, implementing a robust cyber security framework that consists of sound policies, procedures, and practices to detect, identify, and protect against cyber attacks is integral to ensuring the country can continue on its path to being a Smart Nation. Everyone has a role in this; from governments, independent advisor panels, to businesses taking responsibility to take this emerging threat seriously.
One of the simplest steps you can take it to consider taking out cyber insurance. These relatively new products are designed to provide assistance where your business has been the target of cybercriminals. Like disaster insurance, cyber security policies are designed to ensure your business suffers the least amount of disruptions possible after an attack, can cover you for liability related to client loss of money or data, and can even dispense funds should damage to your computer systems result in medium-to-long term interruptions. In the event of damaged systems, cyber insurance can also cover data recovery costs.
If you’re a corporate that knows it can do more cyber security-wise to protect itself and its clients, the best way to explore your cyber insurance options is to engage the services of an expert corporate insurance broker. At Pacific Prime Singapore, our team of corporate consultants and advisors can work with you to ensure that the coverage you get will match the level of risk and compliance needs your company has whilst operating in Singapore, Asia Pacific, or even the rest of the world.
To organize a phone call or meeting to discuss your cyber security needs, contact Pacific Prime Singapore today.
- Dermatological Care and Your Private Health Insurance in Singapore - December 1, 2023
- Thalassemia in Singapore: Everything You Need to Know - November 10, 2023
- What You Need to Know about Allergies in Singapore - September 4, 2023