SINGAPORE: Almost half of organisations, or 46 per cent, in Singapore "did not fully inform" customers when their personal data was compromised in a cyberattack, a CyberArk study released on Monday (Dec 18) revealed.

According to the cybersecurity company's second instalment of its Global Advanced Threat Landscape Report 2018, the implications of this finding is "significant" as they include potential loss of future customers and severe regulatory penalties.



The study found that 58 per cent of Singapore respondents indicated that potential partners do assess their security programmes before doing business with them, while 53 per cent said potential customers also consider security in advance.

As for the regulatory landscape, CyberArk noted that with the new proposed legislation from the Personal Data Protection Commission (PDPC), organisations need to adhere to mandatory reporting of data breaches.

“In the light of new proposed legislation from the PDPC and Cybersecurity Bill, the latest set of findings – specifically that nearly half (46 per cent) of Singapore respondents reporting that their organisations have not always been fully transparent with customers when their personal data was compromised in a cyberattack - reveal that companies must overhaul their approach to avoid potential loss of future customers and regulatory penalties,” said the company's vice president of Asia Pacific Vincent Goh.



The local findings were culled from a wider survey polling more than 1,300 IT security decision-makers, DevOps and app developer professionals and line of business owners across seven countries including Australia, UK and the United States, the company said. Of these, 150 surveyed are from Singapore.





The survey also found that 53 per cent of the Singapore respondents believe their organisation is susceptible to carefully crafted attacks, such as a phishing attempt that targets a company executive.

Additionally, 36 per cent believe that online attackers cannot be prevented from breaking into their internal network.

The cybersecurity firm's findings came on the heels of news that 380,000 Singapore Uber riders' and drivers' personal information were compromised by the 2016 data breach that affected 57 million users worldwide. The ride-hailing company had in November revealed that its employees had suppressed information of the data breach by paying US$100,000 for the hackers to destroy the stolen information.

CyberArk also pointed out that the PDPC had taken ION Orchard property manager, Orchard Turn Developments, to task over a breach involving the personal data of its customers, fining it S$15,000.