Cyber security in Asia
Asia has been slower in mitigating against cyber-security lapses than other countries, as there have been comparatively fewer cases of cyber-attacks in the region. However, with the increase in the digitalisation of industries and services in Asia, the risk of cyber-attacks has increased. In fact, according to a report by network security company FireEye, Asia Pacific countries are more susceptible to advanced cyber-attacks.
This is backed up by research carried out by the National Institute of Information and Communications Technology (NICT) of Japan which found a doubling of the number of computer attacks on government and other organizations in the country last year to a record 25.66 billion compared to 2013. Singapore has not been spared – it was the target of a series of high profile attacks recently. Prime Minister Lee Hsien Loong’s own official website was hacked into, and 1,506 SingPass accounts were potentially compromised when they were hacked into. As a direct result of the SingPass hacking, the government has enhanced security capabilities of the service including the introduction of a two-step verification process to access the system.
On the whole, such cyber-attacks are increasingly causing serious risks to economies as well as to national and international security, and are now widely accepted in the international community as a top-tier risk, if not the most pertinent risk, to national and international security. The World Economic Forum has flagged cybersecurity as one of the key risks, and governments as well as company bosses are placing an increasing focus on shoring up their defences against cyber-attacks.
The effort to mitigate and safeguard against cyber-attacks has to be shared by both industry and government to be truly effective. This is especially relevant in Singapore where the government most recently unveiled its blueprint to develop Singapore into a “Smart Nation”, and at the same time also established a new agency that provides dedicated and centralised oversight of Singapore’s national cyber security functions. While these initiatives might not seem related, there is in fact perfect synergy between both.
The “Smart Nation” vision involves harnessing ICT, networks and data to support better living, create more opportunities, and to support stronger communities. This would result in an even higher take-up rate of digital and ICT solutions across everyday life solutions, increasing the exposure of the public to the impact of cyber-attacks. On the other hand, to balance this expected vulnerability to cyber-attacks, the Cyber Security Agency of Singapore (CSA) focuses on engagement and partnership to ensure the holistic development of Singapore’s cyber security landscape. Since its inception in April this year, the agency has unveiled a series of collaborative initiatives to reach out to businesses in Singapore to arm them with means to mitigate cyber-attacks and strengthen their cyber-security. The eventual goal of such collaborations is to encourage and spread an holistic awareness of cybersecurity risks and arm individuals as well as organisations with knowledge of how they can mitigate such attacks.
Role of insurance industry
While traditional commercial general liability does not respond to a cyber or data breach claim, the insurance industry recognises the risks posed by cyber-attacks and offers specialised and tailored solutions that apply specifically to a cyber-attack or data breach. The industry has a unique vantage point – it has insight into what works and what does not in tackling cyber risks, as it evaluates risk management technologies, policies and procedures at the macro level during the underwriting process. Such insight is invaluable and the industry applies it to the solutions it offers.
Cyber insurance products generally provide coverage for privacy and security liability, data breach response, crisis management, business interruption, data recovery and even cyber extortion. The coverage offered is available for first- and third-party losses, which cover customer or vendor relationships and customer-sensitive (non-public) information that your business might hold. The products also give broad media coverage including both online and offline content.
Moreover as the need for cyber insurance increases in Asia, insurance companies are tailoring their suite of cyber insurance solutions to specific regional and local needs of their customers. Some insurance companies, such as XL Catlin, offer customers a menu-card of cyber insurance products that the customer can choose from for their own bespoke individual coverage requirements.
Cyber insurance cover has been around for almost 15 years, but many security professionals in the region seem to have not heard of it or know that it exists. Unfortunately in an age where almost all businesses are vulnerable to a cyber-attack, it is crucial for organisations to think about having a robust prevention, response and recovery plan in place to minimise the damage of any such attacks. No two businesses are the same when it comes to cyber risks, therefore it is key to understand the cyber risks the business faces and to ensure the cyber policy is tailored to mirror those risks.
Want to know more? You can reach Ralph on: firstname.lastname@example.org