Report flags lack of cyber preparedness among SMEs in Singapore

Over half of cyber incidents at SMEs in past year were caused by known risks: Survey

More than half the number of cyber incidents that small and medium-sized enterprises (SMEs) here experienced in the past year or so were caused by a risk leaders had already identified, found a survey by Chubb Insurance.

Such incidents included data loss through system malfunctions and getting hit by ransomware.

Flagging a clear gap between perceived and actual preparedness, the second annual Chubb SME Cyber Preparedness Report released yesterday also showed that 53 per cent of the cyber incidents in the past 12 months or so were caused by employees.

This was either through administrative or clerical errors, or the loss or theft of a company device, such as a laptop or USB drive.

The Singapore figures were based on a survey of 300 respondents from SMEs here.

This was part of a larger survey involving 1,400 respondents, with the rest from Hong Kong, Australia and Malaysia.

Nearly two-thirds of the Singapore SMEs surveyed reported experiencing a cyber incident in the last year, even though nearly half said their organisation assumes it will never experience one.

In Singapore, 30 per cent of the data files breached involved e-mail traffic of the senior team.

Research and development data made up 24 per cent, while intellectual property data and financial performance data accounted for 23 per cent each.

"While Singapore performed slightly better than other markets in protecting customer records, collectively this data was still accessed in 40 per cent of all breaches," said the report.

"In 12 per cent of incidents, the SME wasn't even aware of what data was breached."

Mr Andrew Taylor, cyber underwriting manager for Chubb Asia-Pacific, said: "With more businesses going digital in Singapore, it's unsurprising that cyber incidents are on the rise. SMEs need to keep pace and educate themselves about all the cyber threats they face."

The survey also found that despite a rise in the number of cyber incidents, Singapore SMEs are "less worried about the impact on their business".

Compared with last year's survey, fewer firms were worried about the impact of a cyber incident on their relationship with customers, revenue and sales, reputation, or the cost of the incident.

While 60 per cent of SME leaders overall believed that insurance has a role to play in protecting them against cyber risk, only 34 per cent of SMEs are currently insured against cyber incidents.

Similar to last year's findings, 59 per cent of SME leaders believed that large corporations are at greater risk of cyber attacks.

Over half of the SMEs surveyed were not confident that staff with access to sensitive data are fully aware of their data privacy responsibilities, although a larger proportion of leaders are identifying better training in cyber-risk management as an important next step.

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on October 17, 2019, with the headline Report flags lack of cyber preparedness among SMEs in Singapore. Subscribe