A Data Breach is a serious matter for any company worldwide.
What are the consequences here in Singapore?
First: Legal and regulatory penalties.
In Singapore we have the PDPA to regulate the collection, storage and protection of personal data stored in electronic and non-electronic formats.
The PDPA may impose financial sanctions:
- For individuals: 5% of the person’s annual income in Singapore for persons with annual local income exceeding S$20 million, or up to S$200,000, whichever is higher.
- For organisations: 10% of the organisation’s annual revenue in Singapore for organisations with annual local revenue exceeding S$10 million, or up to S$1 million, whichever is higher.
Second: The affected company will have to deal with Cybersecurity and incident response additional costs to prevent future breaches.
Third: Damage to reputation, trust and brand, a decreased investor confidence and eventually financial loss. Years of hard work and investments lost in a few moments.
Despite these, the employment of an internal role for a cybersecurity expert is seen as a burden cost.
Singapore companies prefer engaging in third party vendors missing this important point: a cybersecurity expert in the company plays a critical role in safeguarding the organization’s data, systems, and reputation from cyber threats. Why?
The cybersecurity role can:
- Better see the missing gaps and area of improvements.
- Work with the vendors, business department, developers and operational team to have the best outcome for the organization while maintaining the security requirements under check.
- Create the security blueprints to assure that security best practices are followed in current and future projects.
- Educate and train users because a company may not have the latest technology or protection systems, but well-trained staff and strong processes can be the solution.
- And much more.
The Digital transformation has to be done with security in mind for the organization growth and for the organization’s services and products.
What is the impact of a data breach for a simple consumer?
We are concern about our sensitive data like medical records or credit card numbers or IC details.
This is not good enough. Singaporeans are active targets for scammers, phishing attacks, etc. for these reasons:
- Our pension system – we all need to save and possibly invest our money to retire one day.
- Our working environment – anyone can be laid off at any moment and for this reason we need to have some savings for these circumstances.
- Our health system – we need to pay when we get sick. We may have stipulated several insurances but not everything is covert.
Where do we put our money? Obviously, in bank accounts. And how do we pay? Digitally.
Getting to our bank accounts is a lucrative operation for hackers and scammers.
And how do these individuals try to hook us? Through our emails, phone calls, SMS, social media platforms. So, as you can understand, a valid email and mobile number with a name can be a good resource for potential attacks.
In conclusion, a data breach is always bad news and if it involves consumers’ data then our details could end up in the dark internet and sold to be used for any sort of attacks. It is responsibility of companies to keep our information safe, not only the sensitive data and our right to obtain it.
I hope you found this article interesting. If so, please share it with others.
“Knowledge is Power but without Actions is useless.”
Roby Osamu
