How Indispensable is Cybersecurity to SMEs in Singapore: Planning Ahead for Your Business
It cannot be stressed enough how important cybersecurity protection is. For SMEs, it is essential to have measures in place that help to safeguard against the consequences of cybersecurity breaches and attacks, because any company is capable of being attacked, not just big corporations.
In fact, Singapore’s small and medium enterprises – or SMEs – are in fact the prime target for these cyber attacks. 60 percent of SMEs who were surveyed under the Singapore Business Federation 2016 were found to be vulnerable to cyber-attacks because they are less resilient compared to the bigger corporations.
Why were SMEs more vulnerable than other corporations? Because they often had less complex technology and safeguard measures in place to help protect them against these attacks. With fewer resources, the staff does not receive adequate training to identify cyber threats when needed.
The Cybersecurity Act stipulates that only corporations and owners who hold critical information infrastructure (CII) need to take the necessary precautionary measures, so it becomes inevitable that hackers are bound to target the less vulnerable.
What Happens When a Cyber Attack Occurs?
The most common occurrence would be companies losing the personal data of their customers. By law, cybersecurity to SMEs falls under the Personal Data Protection Act (PDPA), which implies that companies should make reasonable security arrangements for the protection of data. Failure to comply could result in regulatory penalties should a breach occurs.
Should a breach of security happen, victims also have a right to sue for failure to protect their personal data. Under the PDPA, the individual has a right to private action if they can show that they have suffered a loss or damage resulting from the security breach.
SMEs could also risk litigation for breaching the contractual obligations owed to the clients. Those facing ransomware attacks were also capable of suffering more than 24-hours of downtime. This means SMEs who have promised to maintain continued services to its clients are in danger of breaching contractual obligations. As a result, there could be potential legal action from customers.
SMEs could also suffer damage to their reputation if the security breaches are serious enough. Members of the public and other companies may lose confidence in companies that suffer security breaches and be reluctant to do business with them in the future.
Because of their size, SMEs who suffer these attacks may be harder hit than their larger counterparts.
What Should SMEs Do to Prevent Against These Cybersecurity Attacks?
The consequences of breaches in cybersecurity to SMEs can be dire. However, there are measures in place which all SMEs should adopt to prevent these attacks from happening and keep their liabilities to a minimum:
- SMEs need to start established cybersecurity policies and then start implementing these solutions to combat these risks.
- It is important to classify and identify the risks involved based on the personal data that these companies hold.
- It is also important to implement cybersecurity solutions.
- SMEs need to start raising awareness about cybersecurity among its employees so that all employees will have strong security awareness.
- It is important for SMEs to purchase a cyber risk insurance plan. This will indemnify the damages which may arise from data security breaches.