The Asian city-state's regulator wants measures to improve cyber-security at financial firm to become law, a sign of how seriously it sees the problem.

Singapore’s main financial regulator is seeking views from wealth managers and other financial services firms on its measures to thwart cyber-attackers, a growing menace in recent years. It wants to make a set of security rules legally binding. A consultation on the ideas runs until 5 October.

The consultation is focused on the measures the Monetary Authority of Singapore wants financial institutions to put into action. 
MAS wants its recommended measures to be a “baseline hygiene” standard.

The six measures are to: address system security flaws in a timely manner; establish and implement robust security for systems; deploy security devices for securing system connections; install anti-virus software; restrict the use of system administrator accounts; and strengthen user authentication for these accounts on critical systems.

“The proposed notice on cyber-hygiene seeks to strengthen the overall readiness of all financial institutions to address cyber threats by delineating a clear and common cyber-security waterline for the financial industry. This will help ensure that our financial sector as a whole continues to be resilient to cyber threats,” Tan Yeow Seng, chief cyber-security officer, MAS, said.

The Asian city-state, along with other jurisdictions, is fighting cyber-crime at a time when hackers have breached banks, government bodies and companies, compromising millions of accounts. 

According to the Ponemon Institute, a US-based organisation exploring security and related issues, the global average cost of a data breach has this year risen by 6.4 per cent from a year ago to $3.86 million. The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 per cent year-over-year to $148. The institute’s 2018 Study on Global Megatrends in Cybersecurity, based on comments from 1,100 industry figures, showed that 67 per cent believe cyber extortion, such as ransomware, will increase in frequency and payout. Less than half of IT security practitioners surveyed believe they can protect their organisations from cyber threats. That is down from 59 per cent three years ago.

Among recent incidents was that affecting British Airways. Customers of BA were left having to cancel their credit cards after a 15-day data breach compromised around 380,000 card payments. The airline said that criminal activity had compromised the personal and financial details of clients. The number of payments compromised could run to up to 400,000 people (source: Daily Telegraph, 6 September). “British Airways is investigating, as a matter of urgency, the theft of customer data from its website, ba.com and the airline’s mobile app. The stolen data did not include travel or passport details,” the airline said, while not disclosing the number of accounts breached.

In 2014, 76 million JP Morgan client accounts were breached, although the bank at the time said it found no evidence of theft.