Cybersecurity is an ongoing challenge for Singapore businesses of all sizes.
Data shared by the Cyber Security Agency of Singapore (CSA)1 suggests reported ransomware cases rose by 20% and infected infrastructure rose by 67% in 2024. Globally, scams and frauds are on the rise.
It’s why Cyber Liability Insurance, paired with robust cyber security measures is so important. Delta Underwriting’s cyber policy provides policyholders with wraparound services that minimise the risks of a cyber-attack on businesses.
Cyber-attacks can cost companies thousands in forensics and legal fees, ransoms and reputational damage. While insurance is there to help protect businesses against these costs, more can be done to minimise the risks and to save money, stress and time in the event of a cyber-attack.
So which threats should Singapore business be on the lookout for in 2025 going into the new year?
Cybersecurity risks on the rise
Our Cyber underwriting and cyber insurance claims experts aren’t seeing entirely new threats. What they have noticed that ‘old crimes’ are becoming more sophisticated with new technology, and it’s catching businesses out.
Social engineering, upgraded
Artificial Intelligence (AI) is making ‘old-fashioned’ scams and frauds harder to detect. Poor grammar is no longer a good indicator of a scam email and AI is even being used to create deepfakes of CEOs and stakeholders to trick staff into handing over more data, sharing sensitive information or authorising payments.
System hacks
System hacks, where hackers gain unauthorised access or control over a computer system, are still one of the most common cyber-attacks we see. Often, system vulnerabilities are exploited so that hackers can steal important information (like customer data) and sell it on the dark web.
Poor response times
Endpoint Detection and Response (EDR) can sometimes generate false positives, but each alert or potential threat should still be carefully analysed. We’ve noticed that some vendors/External Service Providers (ESPs) or EDR users have not responded to EDR alerts quickly enough, resulting in avoidable breaches. This highlights a growing trend of over-reliance on third-party services, which can leave gaps in protection.
What is EDR?Endpoint Detection and Response (EDR) is a cybersecurity technology which monitors endpoints – physical devices connected to a network such as desktops and laptops – for evidence of threats. EDR technology is a step up from antivirus technology. EDR can monitor endpoints, hunt for as-yet-unknown threats, and automatically quarantine or remediate the threat before it spreads. While it is powerful technology, it is not a silver bullet and shouldn’t be used like a ‘set-and-forget’ system. Businesses should have more than one line of defence against cyber-attacks. |
Five tips for protection against cyber attacks
1. Check Multi-Factor Authentication (MFA) is applied everywhere
MFA has been around for decades, but many companies have inconsistently applied it. Weak spots could be work-from-home laptops accessing the system or external project management software.
MFA offers an extra layer of security. Even if a hacker gets hold of a password, they’re less likely to be able to access systems and information because they’re unlikely to be able to meet the second authentication requirement.
Companies should ensure they’ve got MFA applied as a compulsory measure on all system access points. Providing staff with a password manager tool that works for them can help improve MFA compliance.
.png?width=6000&height=125&name=Untitled%20design%20(3).png)
2. Audit systems regularly
Businesses should audit their systems regularly and ensure that all software, like operating systems, firewalls and routers, are patched and updated.
Third-party providers, such as Managed Service Providers (MSP), should also be audited to ensure the company is still getting the best services.
Look at what services the MSP offers and understand the limitations of liability. While many businesses don’t have a lot of leverage here, asking questions and understanding what services are (and are not) included can go a long way.
The short version: keep providers honest and take a hands-on approach to cyber security.
3. Implement and test backups
Ransomware attacks happen frequently, and they can have a huge impact on an organisation. Having (and testing) backups can minimise the problems caused by data and systems being stolen or disrupted.
Ensure that data and systems are backed up offline or to the cloud. These backups should be current and highly organised so that the company can easily and cost-effectively restore lost data and get back to work as soon as possible.
4. Run simulations
Just as organisations run fire drills, cyber simulations are a great way to test cyber readiness and preparedness.
When a cyber-attack occurs, companies need to react quickly to reduce the potential damage. Running a simulation provides dedicated time to practice the company’s response in that situation. It is also an opportunity to check that manuals and contact details are up-to-date and practical. Scenarios could include:
- Everyone working from home (using MFA and accessing systems safely from outside the office)
- A system failure requiring backups
- MSP leak results in the theft of clients’ private data
Simulations enable the company to be battle-hardened against cyber-attacks. It’s also an opportunity to educate the wider team. Research suggests that collaboration and enhanced crisis response capabilities will be important in defending Singapore against future cyber-attacks.2
5. Cyber security insurance
Point five is, of course, cyber security insurance. Insurance shouldn’t be a company’s first line of defence, but it is a key part of an organisation’s cybersecurity system. Delta’s cyber liability insurance includes access to benefits such as 24/7 rapid response from IT security experts and access to our panel of risk management partners.
While cybersecurity threats aren't a new challenge, they are becoming more sophisticated and they're costing companies more money. By being aware of the latest risks and tricks, and through taking regular action and precautions, businesses can reduce the risk and the costs associated with cyber-attacks.
The content of this document is illustrative and has been prepared without considering the insured’s objectives, financial situation or needs. Any coverage offered by Delta is subject to terms and conditions contained in and attaching to the policy. Please consider the appropriateness of the information, and importantly, review the policy wording with a broker before considering the product.
References:
1 https://www.csa.gov.sg/news-events/press-releases/a-decade-of-strengthening-singapore-s-cyber-defence-amid-escalating-threats/
2 https://govinsider.asia/intl-en/article/phishing-ransomware-and-infected-hardware-major-cyber-threats-for-singapore
/in.png)
