The almost blase tone of the SingHealth group chief executive Ivy Ng comment to the Committee of Inquiry (COI) report was disappointing on several counts (Probe report on SingHealth data breach points to basic failings; Jan 10).

She said: "Since the incident, we have reinforced the culture of personal ownership of cyber defence so that every staff is empowered to identify and report cyber-security threats."

• Since the breach last year, little has been said by the board or the CEO.

• Doesn't the release of the report warrant a press conference, so that the top management can field questions? It is disconcerting that, notwithstanding public pronouncements, no one at the top appears to be taking responsibility, even with the damning COI statement that "the IT cyber-security team could not even recognise a security incident".

The public deserves a more substantive response from those at the top, with an outline of the specifics of the steps that have been taken since the reported incident.

Danny Chow