SINGAPORE: CEOs and other decision-makers should be held accountable whenever a cybersecurity breach takes place, said Mr David Koh, chief executive of the Cyber Security Agency of Singapore (CSA) on Tuesday (Sep 18).
He observed that they “have not been held accountable” partly because such incidents are seen as a technical issue.
The boards of these affected companies have also not held CEOs responsible, Mr Koh added in comments made at a panel session held in conjunction with this year’s Singapore International Cyber Week conference.
His observations were shared by Mr Md Shah Nuri, chief executive of Malaysia’s National Cybersecurity Agency. In Malaysia, cybersecurity breaches are also regarded as a technical, rather than management, issue, the executive said, adding that companies tend to call his agency for assistance only after becoming victims of online attacks.
Organisations need to see cyberattacks as a business risk and leadership at the highest levels have to take accountability so "we can move the needle" on reducing the number of such incidences, Mr Koh said.
More caution shown for online transactions, but people still complacent about cyber threats: CSA survey
IN NEED OF “GENERATIONAL BOOTSTRAPPING”
He also said that cyber hygiene is “not being done sufficiently” today and there is a need to get the basics right. Cyber hygiene refers to basic practices such as enabling two-factor authentication when available, managing passwords securely and not clicking on suspicious Web links.
As an example, he cited phishing emails which play on human’s greed.
“The gap we have is in education; people don’t have the instincts for cybersecurity,” Mr Koh said.
“Our parents didn’t teach us the basics of cybersecurity when we were growing up … and we will need generational bootstrapping (to address this).”