Big corporations have a responsibility to put pressure on their supply chain in order to get small and medium-sized enterprises (SMEs) tuned into cyber risk and improve their resilience against cyber threats, delegates at the 2nd Asia Cyber Risk Summit were told yesterday.
Mr Vincent Loy, PWC’s Asia-Pacific Financial Crime & Cyber and Data Analytics Leader, said SMEs remain low hanging fruits for cyber criminals which target the SMEs as an entry point to the bigger companies. However, SMEs often lack understanding of cyber threat which ranks low on their list of priorities.
“Cyber is often not even in their top-3 priorities because they have to grapple with things like labour crunch…and many SMEs in Singapore also have a perception the government will protect them with regards to cyber,” he said.
Mr Ashish Thapar, Managing Principal – Investigative Response at Verizon Enterprise Solutions, added the slow take-up rate of cyber insurance amongst SMEs is also due to a benign regulatory environment and a lack of understanding of what is being offered.
Speakers also raised the importance of information sharing at both the corporate and state level as an effective way to combat cyber threat.
"The more people share, the better our defence against cyber threat would be," said Mr Loy. However, he acknowledged there are hindrances to collaboration amongst various actors – including geopolitical tensions.
“Because of international politics, rules on cyber security are disparate and there is no true convergence as one country may not want to work with the other,” he said.
Prof Shaun Wang of the Insurance Risk and Finance Research Centre, Nanyang Business School, who heads a coalition on cyber risk management in Singapore involving academia, the insurance industry and the public sector, believes a collaborative approach is the only way to build a resilient digital eco-system where trust is embedded in the economic chain.