Singapore Markets open in 1 hr 1 min

Singapore sets up first commercial cyber risk insurance pool as regional threats grow

Janet Ong
Finance Editor
A man poses inside a server room at an IT company in this illustration photo. (Photo: Reuters/Athit Perawongmetha/Illustration)

Singapore announced the launch of the world’s first commercial cyber risk pool, a facility for providing cyber insurance to corporate buyers, as cyber attacks become more pervasive.

The pool, which will allow companies in Asean and Asia to be protected against cyber-related losses, was created with the Singapore Reinsurers’ Association and cyber specialist Peter Hacker, Minister of Finance Heng Swee Keat announced at the 15th Singapore International Reinsurance Conference on 29 October.

“On the insurance front, insurance coverage of cyber risks remains very low globally, due to a lack of historical data and intelligence to support risk assessment, underwriting and pricing,” said Heng. The minister also announced the setting up of the Global-Asia Insurance Partnership, a platform to bring together global insurance industry regulators and academia, to collaborate in risk management and insurance.

The Asean region’s growing strategic relevance and expanding digitalisation make it a prime target for cyberattacks, according to a report by ATKearney. Cyber resilience is generally low in these countries, which have varying levels of cyber readiness, it said. The top 1,000 Asean companies could lose US$750 billion (S$1.03 billion) in market capitalisation and cybersecurity concerns could derail the region’s digital innovation agenda.

Cybercrime was estimated to cost the global economy approximately US$3 trillion in 2015, and this is expected to double to US$6 trillion by 2021, according to a report by Cybersecurity Ventures.

Cybersecurity is a hot issue in Singapore after hackers earlier this year broke into SingHealth’s IT systems to steal the data of 1.5 million patients including records of outpatient medication given to Prime Minister Lee Hsien Loong in the biggest and most serious cyber breach. In 2013, Singapore encountered a series of cyber attacks allegedly committed by the hacktivist organisation “Anonymous”. A member known by the online handle, “The Messiah” claimed responsibility for the attacks.

The pool will commit up to US$1 billion in risk capacity, and will be backed by capital from traditional insurance, and insurance-linked securities markets to provide bespoke coverage, Heng said. Better risk pooling will mitigate the consequences of attacks. To date, 20 insurance firms have indicated their interest to participate he added.

The formation of the commercial cyber risk pool comes on the back of Singapore’s Cyber Risk Management Project in 2016 to create a framework to support robust underwriting and the pricing of cyber risks.

Singapore last month said it will invest S$30 million over the next five years in the newly set-up ASEAN-Singapore Cybersecurity Centre of Excellence to help develop the cybersecurity capabilities of Southeast Asian member states.

List of five biggest cyberattacks in Singapore:
1. SingHealth hacked
2. WannaCry Ransomware
3. Petya Ransomware
4. Mindef Cyber breach
5. K Box data breach
Source: Apvera


Related stories:

SingHealth cyberattack: Database administrator did not immediately recognise ‘serious security incident’

SingHealth cyberattack fits profile of ‘typically state-linked’ groups: Iswaran

Wave of cyber attacks coming, Nacsa warns Malaysian organisations