- As Cyber Risks Rise, Singapore SMEs Are Less Concerned
- 65% of SMEs were victims of cyber incidents in the past year – up from 2018
- 40% of SMEs surveyed do not have cyber risk insurance
A survey by Chubb of Small and Medium Enterprises (SMEs) in Singapore reveals that while cyber risk is rising, SMEs remain unprepared to deal with the potential consequences. The second annual Chubb SME Cyber Preparedness Report 2019 – ‘Ignorance is Risk’ – reveals that nearly two-thirds (65%) of Singapore SMEs reported experiencing a cyber incident in the past 12 months, as more businesses embrace digitalisation. Worryingly, more than half (54%) of cyber incidents were caused by a risk SME leaders had already identified, showing a clear gap between perceived and actual preparedness.
SMEs Less Concerned About Impacts of Cyber Incidents
Despite a rise in cyber incidents over the past 12 months, Singapore’s SMEs are less worried about the impact on their business, with significant drops across four key areas– relationship with customers (from 65% t0 55%), revenue and sales (from 62% to 51%), public reputation (from 59% to 49%), and cost of the incident (from 59% to 46%).
This apparent lack of concern is puzzling, especially when SMEs make up 99% of all businesses in Singapore, according to Andrew Taylor, Cyber Underwriting Manager, Chubb Asia Pacific. “With more businesses going digital in Singapore, it’s unsurprising that cyber incidents are on the rise. SMEs need to keep pace and educate themselves about all the cyber threats they face,” said Taylor. He continued, “This comes into sharp focus when we consider exactly what kind of data is accessed in a breach. In Singapore, nearly a third of the data files breached were email traffic of the senior team, followed by research and development data, intellectual property data and financial performance data. This is commercially sensitive information which, if exposed, could impact business operations and the reputation of their ability to compete.”
Most SMEs Place Blame for Cyber Incidents on Employees
The survey further reveals that SME leaders have a poor opinion of their employees’ cyber risk preparedness. More than half (53%) of SMEs are not confident that employees with access to sensitive data are fully aware of their data privacy responsibilities. Additionally, 29% of SME leaders believe employees are the weakest link in their cyber defence. This perception is not unfounded. Just over half (53%) of the cyber incidents suffered in the past 12 months were caused by employees – either through administrative or clerical errors (30%) or through the loss or theft of a company device such as a laptop or USB drive (23%).
Reducing the Risk with Insurance
While 60% of SME leaders believe insurance has a role to play in protecting against cyber risk, only 34% of SMEs are currently insured. Of the additional services that insurers can offer when responding to an incident, SMEs saw good value in regulatory advice (56%) and assistance with speed of incident response (56%) from their insurer. “As an industry, insurers need to take some responsibility for raising standards around cyber risk management, especially among smaller businesses where both coverage and preparedness are lower. We believe this report can help increase awareness of this issue and offer some useful advice for SMEs,” said Mr Taylor. “As Singapore continues to invest heavily in digitalisation to strive towards its Smart Nation goals, local SMEs, which form the backbone of the economy, need to be adequately prepared and protected.”