70 per cent of Singapore listed companies have little or no exposure to cyber threats, compared to the 45 per cent global average across stock market indices in 11 countries. This is according to the findings from Cyber Intelligence House’s latest Cyber Exposure Index (CEI), the world’s first proprietary global scoring system that evaluates exposure of listed companies according to signs of disclosure of sensitive information, leaked credentials and hacker-group activity.
With 481 out of 677 listed companies showing no identified exposure risks between October 2017 and October 2018, and only 28 (4 per cent) deemed to be in the high risk category, Singapore https://cyberexposureindex.com/cyber-exposure-index/?country=Singapore) ranks among the top three countries with the lowest average exposure score, after Indonesia and Hong Kong.
The CEI aggregates data on more than 6000 listed companies collected from publicly available sources in the dark and deep web and from data breaches, and ranks them according to the number of findings and the risk that the findings represent, divided by the number of employees. Scores range from 0 for companies with no exposure over the past 12 months to 300+ which represent the top 10 per cent most exposed companies globally.
On the other end of the spectrum, countries that were found to have the highest risk of cyber exposure were United States, United Kingdom, and Finland. Other markets also covered in the study include Australia, Germany, Italy, Malaysia and South Africa.
Cyber exposure – the extent of a company’s data already revealed by or to hackers – is the best predictor of the likelihood and intensity of cybercrime against that company in the near to mid-term. “Any level of cyber exposure, even if it if poses no immediate danger, can be damaging as it sows the seeds of sabotage. The growing interconnectivity of companies and complex dependency networks is creating expanded attack surfaces and endless virtual entry points that not only increases the threats of data breaches exponentially, but also the
magnitude of the impact. It is therefore imperative for companies to know how cyber exposed they are,” said Mikko Niemela, CEO of Cyber Intelligence House.
Based on the results of the study, Cyber Intelligence House expects to see a dramatic increase in the exposure levels of companies across most industries with the accelerating pace of digital transformation across the world.
“Mitigating data breaches begins with understanding where the critical information is stored, from where is it leaking and how it is exposed. The Cyber Exposure Index is the first step in this remediation and mitigation process by identifying existing threats and making them transparent to help companies who want to employ a proactive approach to identifying these loopholes within their organisations. It also helps investors compare the risk level between companies to make more informed decisions to grow their investment portfolios,” said Niemela.
The CEI’s definition of exposure encompasses disclosure of sensitive information (e.g. internal communications and top-level memoranda), exposed credentials (e.g. usernames, passwords, or other information that may allow unauthorised persons to access restricted systems), and hacker group targeting (including coordinated, ideologically motivated attacks by so-called “hacktivists”).
With this initial snapshot of their cyber exposure over a 12-month period, organistions have the option of commissioning detailed CEI reports on the volume and severity of their exposure, as well as comparisons with other companies for competitive benchmarking.
CEI allows for fair and independent comparison of cyber exposure risks of companies worldwide and is updated regularly on a quarterly basis with research data provided by Cyber Intelligence House. Models used in the index are developed by an independent CEI research group consisting of security researchers and academic professionals from Singapore Management University, National University of Singapore, INSEAD and Tampere University of Technology.
More information on country, industry or company specific scores can be found at https://cyberexposureindex.com
About Cyber Intelligence House
A leading independent Singapore based cyber intelligence company specialising in the detection and monitoring of cyber exposure from the darkweb, deepweb and data breaches Cyber Intelligence House helps organisations understand risks by discovering their current cyber exposure. The company was founded by seasoned professionals with over 20 years of experience in the cyber security field and partners universities and international law enforcement agencies such as Interpol in information sharing and training.