What you don't know about cyber insurance in Singapore

Almost everyone I know in Singapore has bought something online. While you’re busy ordering that new book, paying a bill, or booking a great holiday deal, there should be a hint of uneasiness.

What if someone, somewhere, is stealing your information  – your name, your street address, phone numbers, date of birth (so you can get that Happy Birthday reminder-to-purchase message), and of course, credit card details.

And, if you’re foolish enough, the same password you use for both online purchasing and online banking.  In the click of a button, there goes your identity and suddenly ‘another’ you is destroying your e-reputation, your credit rating, and cleaning out your bank accounts.

With this in mind it’s good to see Singapore insurers offering cyber cover to consumers to help families and individuals mitigate cyber risks. The irony is that the man on the street could well be better protected than many businesses who continue to ignore the cyber threats they face.

Most Singaporean companies do not have cyber insurance but almost every company is vulnerable to cyber risk, be it through financial or reputational damage.

One issue is corporate decision-makers don’t understand cyber insurance. They believe it’s expensive, they don’t know what insurance policies cover, and perhaps worst of all, they don’t believe they will ever be subjected to a cyber attack or a cyber incident that severely damages their business.

Threats can range from data theft and network interruptions to privacy violations. To compromise the life-blood of businesses – data – is bad health, if not death. Cyber insurance should be part of a company’s risk management strategy. A few points to keep in mind are:

-   Any company of any size is vulnerable. The more a business transacts online, the more likely you are to have a cyber incident. Small businesses can be even more vulnerable than large ones, and are unlikely to have the time or resources to effectively deal with a major incident.

- All companies hold data that must be protected – from employee and customer data to business R&D information. Have you done a top to bottom review of your security measures, including an audit of your data protection plan and your disaster recovery plan?  Do you understand where you are vulnerable and where you may incur loss?

-  The risk is more than an IT issue. The risk involves intangibles as well – a leak to the media by a disgruntled employee, data sent to the wrong party, and data destroyed in a virus attack.

For commercial and individual cyber protection, it is important that you review your technology risks, analyse your cyber risk, and protect your data. Cyber insurance is not one-size-fits-all and should be tailored to meet your needs and the capability of your company.

Cyber risk is a real and increasing threat. If the treat is serious enough for individuals to be offered cyber insurance, surely it is serious enough for Singaporean companies to consider the same level of ‘peace of mind’.