A survey by Chubb of Small and Medium Enterprises (SMEs) in Singapore reveals that despite a rise in cyber risk, SMEs remain unprepared to deal with the potential consequences.
The second annual Chubb SME Cyber Preparedness Report 2019 – ‘Ignorance is Risk’ released in October, revealed that with increasing digitalization, nearly two-thirds (65%) of Singapore SMEs reported experiencing a cyber incident in the past 12 months. Notably, more than half (54%) of cyber incidents were caused by a risk SME leaders had already identified, showing a clear gap between perceived and actual preparedness.
SMEs Less Concerned About Impacts of Cyber Incidents
Despite a rise in cyber incidents over the past 12 months, the survey found that Singapore’s SMEs are less worried about the impact on their business. This apparent lack of concern is puzzling, especially when SMEs make up 99% of all businesses in Singapore, according to Mr Andrew Taylor, Cyber Underwriting Manager, Chubb Asia Pacific.
“With more businesses going digital in Singapore, it’s unsurprising that cyber incidents are on the rise. SMEs need to keep pace and educate themselves about all the cyber threats they face,” said Mr Taylor.
He continued, “This comes into sharp focus when we consider exactly what kind of data is accessed in a breach. In Singapore, nearly a third of the data files breached were email traffic of the senior team, followed by research and development data, intellectual property data and financial performance data. This is commercially sensitive information which, if exposed, could impact business operations and the reputation of their ability to compete.”
Most SMEs Place Blame for Cyber Incidents on Employees
The survey further reveals that SME leaders have a poor opinion of their employees’ cyber risk preparedness. More than half (53%) of SMEs are not confident that employees with access to sensitive data are fully aware of their data privacy responsibilities. Additionally, 29% of SME leaders believe employees are the weakest link in their cyber defense.
This perception is not unfounded. Just over half (53%) of the cyber incidents suffered in the past 12 months were caused by employees – either through administrative or clerical errors (30%) or through the loss or theft of a company device such as a laptop or USB drive (23%).
Reducing the Risk with Insurance
While 60% of SME leaders believe insurance has a role to play in protecting against cyber risk, only 34% of SMEs are currently insured.
Mr Taylor acknowledged that insurers themselves need to take some responsibility for raising standards around cyber risk management, “especially among smaller businesses where both coverage and preparedness are lower”. He believes the report will increase awareness and offer useful advice to SMEs seeking to prepare and protect themselves in an increasingly digitalized environment.