Kinkayo, a cyber intelligence company, launched the world’s first Cyber Exposure Index (CEI); an established global scoring system that evaluates listed companies in a defined and comparable model, based on the number of findings and risk classifications.
Among the 11 markets examined in the Index, Singapore ranks in the top three in terms of average cyber exposure at a country level. Sixty per cent of companies evaluated in Singapore have little or no exposure, compared to the global average of 40 per cent. Meanwhile, other markets identified as leading in cyber security are Hong Kong (74 per cent) and Australia (69 per cent).
Kinkayo verifies data from publicly available sources, such as the dark and deep web, and from data breaches, to identify signs of sensitive disclosure, exposed credentials and hacker group activities against companies. The number of CEI score can be determined with the hypothesis of the greater the amount of uncovered data for a company, the higher the risk and therefore, the higher CEI score. Companies evaluated were given a score from 0 to 5, with 0 equating to no exposure and 5 given to the most exposed companies, based on identified exposure, from September 2016 to September 2017.
In Singapore, 723 SGX-listed companies were evaluated and given scores, with 31.7 per cent given a score of 0 (no exposure) and 30.4 per cent given a score of 1 (little exposure). Apart from Singapore, the other 10 markets in this study include Australia, Finland, France, Germany, Hong Kong, Indonesia, Malaysia, South Africa, Sweden and the United Kingdom.
Mikko S. Niemelä, President and CEO, Kinkayo, said, “As businesses leverage technology to become more digitalised, they will be challenged with new risks and threats. The reliance on the Internet – the perfect breeding ground for a host of cyber threats – opens doors to vulnerabilities. Companies must employ a proactive and transparent approach to identify these loopholes within their organisations.
“In the case of Singapore, more than six in 10 listed companies have done their due diligence to boost defences and ensure no loopholes in their organisations. By understanding where critical information is stored, from where is it leaking and how it is exposed, companies greatly mitigate the impact of a cyber attack. This is commendable and a right step towards building a transparent business environment.”
Data breaches – what kind of data and in which industry
According to Kinkayo, the types of company information most at risk is that regarding mergers and acquisitions, databases, intellectual property, registers and business and project plans. The company also identified industries that cybercriminals targeted most often in 2017, and how much data hackers made public.
For all countries evaluated, the biggest exposure tracked was in the manufacturing/industrial sectors.
“As there are more companies overall in this sector, it is expected that a large portion of exposure is in these industries. In addition, many companies in manufacturing may not have adequate security IT investment as compared to financial services or healthcare industries,” Mr Niemelä said.