According to a survey by Chubb, three in five Small and Medium Enterprises (SMEs) in Singapore have had cybersecurity breaches that resulted in business disruptions and data leaks over the past 12 months.
However, according to the same survey, only 30 percent of those affected organizations notified customers or employees of the data leaks.
According to Chubb, the reason behind the significant breach is the SME feels that they are too small to fail and only large corporations are more at risk of cyber attacks.
Andrew Taylor, Chubb Asia Pacific's Cyber Underwriting Manager, shared, "Smaller companies have a relatively larger exposure as they face the same threats as larger businesses but do not have the means to implement comprehensive protection, leaving significant risk uncovered."
Chubb conducted the poll with participant companies employing fewer than 200 workers after the news about Singapore's worst data breach involving the personal details of 1.5 million SingHealth patients, including those of Prime Minister Lee Hsien Loong.
According to the Chubb survey, the participating SMEs reasoned that system and data breaches were mainly due to system breakdowns and human error and loss of portable storage devices.
The survey also highlighted that SMEs are ill-prepared to protect sensitive data, with three in five companies saying that cybersecurity is mainly seen as an IT issue in their organizations.
Half of all companies polled stated that key staff might not be fully aware of their obligations to protect the data they have access to and there is no consistent understanding of what constitutes a cybersecurity risk.
According to reports, a new requirement will soon be tabled in Parliament this year requiring organizations to report breaches to the PDPC. The revised Personal Data Protection Act will also require individuals affected by a violation to be notified. Organizations found guilty of being tardy in reporting can be fined up to $1 Mn.