Singapore's first cybersecurity agency will begin operations on April 1, overseeing national cybersecurity functions and developing infrastructure to better respond to cyber threats.
As attacks become more commonplace and destructive, governments in Asia Pacific are implementing measures to combat cybercrime, yet many public companies in the region do not perceive it as a top priority, despite their increasing vulnerability.
When customers signed up for membership at local karaoke chain K Box, they never imagined becoming a victim of cybercrime, with their names, home addresses, phone numbers and identity-card numbers turning up online.
This is what happened in September last year, when hackers unearthed the company's database containing more than 317,000 customers and posted their details online.
K Box is not alone. According to the Singapore Police Force, crimes involving e-commerce grew a massive 225 per cent last year, with offences ranging from a phony PayPal email scam to cyber extortion.
But it is not just Singapore; Asia Pacific is a ripe target for cybercrime, with the rapid development of e-commerce, Internet banking and mobile applications. In fact, the region is two times more likely to be a victim of advanced cyber attacks than any other part of the world.
These cybercrimes can result in huge financial losses including compensation payouts to customers and the cost of investigating the breach. And more broadly, the brand damage and loss of customer trust can also have long- lasting financial impacts on a company's bottom line for years to come.
PREVALENCE OF CYBERCRIMES
Sony Pictures is a company still feeling the impact of last November's breach when hackers released private data about Sony employees, their email chains, information about salaries, marketing plans, copies of unreleased Sony films, among other confidential information.
Not only did the hack cost Sony tens of millions of dollars in investigative and remediation expenses, the company lost market share due to a lack of consumer trust. Co-chair of Sony Pictures Amy Pascal was also forced to step down from her position after two decades at the company because of the widespread backlash from her leaked email messages.
And the risks are getting greater. With growing dependence on cloud and mobile technology, cybersecurity will become an even more important issue in 2015 and beyond - challenging governments and corporations to come up with enhanced security measures to protect both companies and customers.
While financial institutions have been the primary targets in the past, today the victims come from any and virtually every industry.
AIG's cyber-insurance claims data indicates that companies affected by cybercrime range from retail, higher education, law to finance and healthcare. Hackers are also no longer directly attacking their intended targets. Smaller organisations are now viewed as vehicles to gain access to larger corporations, so you have hackers accessing, for instance, Standard Chartered via a Fuji Xerox server here in Singapore.
However, despite this increasing exposure for all companies and the vast ramifications of cybercrime, research undertaken by AIG in 2014 shows that listed companies still do not consider cyber exposure as a high-risk priority, which often leaves them exposed both from an infrastructure and a financial perspective.
The research found that only 15 per cent see cybercrime as a priority, and only 23 per cent consider data breach or loss of information as one of their top three risk priorities.
These numbers are exceedingly low considering the great burden of cyber breaches. This is especially so when these companies are more concerned about loss of reputation (42 per cent) and protecting against financial loss (33 per cent) - two of the most detrimental consequences cyber breaches will have on a company.
IMPORTANCE OF CYBER PROTECTION
As Singapore looks to beef up its cybersecurity defences, companies also need to re-evaluate their top risk priorities and safeguard themselves. A corporation's first line of defence is its own IT system, but even the most advanced security systems can fall prey to increasingly sophisticated attacks.
In February, Nanyang Polytechnic's alumni database was breached, and the bank details of the alumni were stolen.
Taking up cyber insurance is an important consideration for companies in this new cyber climate, with policies covering lost income, third-party costs and copyright infringements.
According to AIG's 2014 study, only 9 per cent of public companies in Asia currently have cyber insurance. However, two-thirds acknowledge that it will be increasingly important in the future.
Some companies still think that only certain industries such as media and telecommunications are susceptible to cybercrime, but in the digital age this is no longer the case. The top priority for companies should be about getting coverage, not counting and claiming the costs incurred after becoming a victim.
Comprehensive insurance cover can help a company get on the front foot as soon as a breach has taken place, by deploying a cybersecurity response team to offer counsel on legal, public relations and auditing matters. This can help to prevent or reduce reputational harm to the company from the outset as well as financial losses.
The exposure to cybercrime and cyber breaches cannot continue to be ignored. Cyber attacks in Singapore have not yet reached the level of global headlines or collateral damage of the Sony hack, but companies can no longer hedge their bets hoping that a major security event will not transpire. Let's not wait for Singapore's Sony to happen.
The writer is head of financial lines, Singapore at AIG Asia Pacific Insurance Pte Ltd
This article was first published on March 27, 2015.
Get The Business Times for more stories.