The Importance of Cybersecurity to SMEs in Singapore
It cannot be stressed enough how important cybersecurity protection. For SMEs, it is important to have measures in place that help to safeguard against the consequences of cyber security breaches and attacks, because any company is capable of being attacked, not just big corporations.
In fact, Singapore’s small and medium enterprises – or SMEs – are in fact the prime target for these cyberattacks. 60 per cent of SMEs who were surveyed under the Singapore Business Federation 2016 were found to be vulnerable to cyberattacks because they are less resilient compared to the bigger corporations.
Why were SMEs more vulnerable than other corporations? Because they often had less complex technology and safeguard measures in place to help protect them against these attacks. With fewer resources, the staff are often not adequately trained to identify cyber threats when needed. Not to mention that there is fewer impetus for these SMEs so put stronger measures in place.
The Cybersecurity Act stipulates that only corporations and owners who hold critical information infrastructure (CII) need to take the necessary precautionary measures, so it becomes inevitable that hackers are bound to target the less vulnerable.
What Happens When a Cyber Attack Occurs?
The most common occurrence would be companies losing the personal data of their customers. By law, SMEs are required to make reasonable security arrangement for the protection of this data under the Personal Data Protection Act (PDPA) and not complying could result in regulatory penalties should a breach occurs.
Should a breach of security happen, any individuals affected also have a right to sue for failure to protect their personal data. Under the PDPA, the individual has a right to private action if they can show that they have suffered a loss or damage resulting from the security breach.
SMEs could also risk litigation for breaching the contractual obligations owed to the clients. SMEs which were facing ransomware attacks were also capable of suffering more than 24-hours of downtime, which means that SMEs who have promised to maintain continued services to its clients are in danger of breaching contractual obligations which could lead to possible legal action.
SMEs could also suffer a damage to its reputation if the security breaches are serious enough. Members of the public and other companies may lose confidence in companies that suffer security breaches and be reluctant to do business with them in the future.
Because of their size, SMEs who suffer these attacks may be harder hit than their larger counterparts.
What Should SMEs Do to Prevent Against These Cybersecurity Attacks?
The consequences of cybersecurity breaches can be dire, but there are measures in place which all SMEs should adopt to prevent these attacks from happening and keep their liabilities to a minimum:
SMEs need to start established cybersecurity policies and then start implementing these solutions to combat these risks.
It is important to classify and identify the risks involved based on the personal data that that these companies hold.
It is also important implement the cyber security solutions.
SMEs need to start raising awareness about cyber security among its employees so that all employees will have strong security awareness.
It is important for SMEs to purchase a cyber insurance plan to indemnify the damages which may arise from data security breaches.