Data incidents in public sector up 10% with 201 cases reported in 2023
Cases that had minimal impact on agencies, individuals or businesses make up a major share
THE public sector reported 201 data incidents in 2023, up 10 per cent from 182 cases the year before, as data usage among agencies rose due to increased digitalisation.
Improved awareness among public servants of the need to report incidents may have also led to the rise, said the Ministry of Digital Development and Information (MDDI) on Tuesday (Jul 30).
Cases that had minimal impact on agencies, individuals or businesses made up a major portion with 172 incidents reported last year. Such cases have been rising steadily since 2021, when 126 cases were recorded.
Meanwhile, medium-severity cases – or those that pose minor inconveniences to parties affected – fell to 29 cases last year, compared with 46 in 2022.
MDDI attributed this mainly to the progressive implementation of security processes and technical measures, as well as more awareness of data security among the public sector.
For the fourth consecutive year, there were no incidents classified as high, severe or very severe. These incidents are those that can damage national security or public confidence, as well as affect businesses and cause emotional distress to individuals.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
The figures were released on Tuesday in MDDI’s annual report on the government’s personal data protection efforts.
The report, which also included measures taken by authorities to improve security, is an initiative by the Public Sector Data Security Review Committee.
The committee was set up in 2019 to review how authorities secure and protect citizens’ data, after a spate of cybersecurity breaches.
MDDI said the public sector has implemented all 24 initiatives recommended by the committee between 2020 and 2024.
The recommendations range from improving cybersecurity and processes to detect and respond to data breaches in a timely manner, to raising public officers’ competencies in safeguarding their data.
As at end-March, government user accounts that are no longer needed have been automatically removed by the Central Accounts Management tool. The tool mitigates the risk of unauthorised access by former officers or exploitation by malicious actors, said the ministry.
Additionally, the government conducted an annual central ICT (information and communication technology) and data incident management exercise involving 31 agencies across four ministries in 2023.
Public officers are also required to attend data security e-learning modules, which were refreshed in February to include content related to new technologies and trends, such as phishing scams.
Copyright SPH Media. All rights reserved.
