The Threat of Cyber Attacks: What’s at Stake for Companies?


Singapore is a highly connected country where key industries rely on a sophisticated and secured digital infrastructure.

The city-state is no stranger to cybersecurity incidents, where experts say these incidents occur as frequently as daily. Many of these incidents are handled well with no consequences, but some adventures place Singapore’s citizen and national interests at stake. One of the more prominent cases was the security breach experienced by the SingHealth database in 2018, which further emphasizes that Singapore is not immune to cyber-attacks.

With the rise of cybersecurity threats in the past several years, Singapore’s government is seriously taking these threats. It is reflected in the introduction of the Personal Data Protection Act (PDPCA) of 2012 by the parliament, mandating entities part of the country’s key industries, also known as Critical Information Infrastructure (CII) sectors, to set up their adequate cybersecurity measures to protect any customer data stored digitally. Sectors included in the CII are Government, Information communication, Energy, Aviation, Maritime, Land transport, Healthcare, Banking & Finance, Water, Security & Emergency, and Media. Companies under these 11 CIIs will not want to be short of its cybersecurity measures, as they will be audited regularly by the Cybersecurity Agency of Singapore (CSA), an independent cybersecurity regulator managed by the Ministry of Communications and Information.

Any breach of Parts III to Parts VI of the PDPCA can result in fines of up to SGD 1 million. Since its introduction, fines imposed on businesses of all sizes for breach of the PDPCA acts, including well-known companies such as ride-hailing company Grab and SingHealth. Recent amendments to the PDPCA submitted in October 2020 might see a stiff increase in the maximum penalty for breach incidents, which is up to 10% of annual company turnover or SGD 1 million, whichever is higher. Once the new amendments passed in Parliament, the revised penalty cap can substantially increase for those whose turnover exceeds SGD 10 million, compared to the highest ever fine imposed to date, amounting to SGD 750,000 to the Integrated Health Information System in 2018.

Despite the fines, other consequences are not quantifiable. Cybersecurity attacks involving compromised customer data will make it to the news headlines. Extensive media coverage on such incidents will eventually erode the trust of loyal customers. Particularly in incidents where companies responded slowly or denied a breach in the first place, the effects may be even more challenging to recover. After all, trust is one of the most important assets a business can have, and as such, should not put at risk by having inadequate cybersecurity measures.

Considering the tightening of cybersecurity-related regulations, reputation consequences, and the ever-growing threat of cyber-attacks, make sure your business’ digital infrastructure is well-prepared and maintained by cybersecurity experts. If you are looking for a reliable cybersecurity partner, talk to our experts in Quantum. Our approach unifies cybersecurity and risk management across your entire organization using a robust, flexible, and easy-to-understand security lifecycle platform.