Cyber security challenges for Singapore_SiTF CXO Breakfast Talk with Mr David Koh on 28 July 2015


Cyber security is no longer the sole province of chief information officer or IT managers. The potential loss in reputation and business that could result from cyber attacks means that chief executives and board directors should be equally familiar with cyber security risks just as they are with the financials of their organisations.

Mr David Koh, the chief executive of the Cyber Security Agency  (CSA), said senior management has to expand their knowledge of this issue because Singapore is becoming increasingly connected, resulting in a corresponding elevation in exposure to cyber risk, especially as Singapore transforms itself into a Smart Nation.

He said, “Internet connectivity will go up. So we’ve to manage the risks so that we can reap the full benefits of technology.”


Mr Koh was speaking at a breakfast forum organised by the SiTF at the Grand Copthorne Waterfront Hotel on July 28. After his 30-minute speech, he also took several questions from the attendees ranging from the level of awareness of cyber security here, to whether Singapore can be a hub for the industry.  About 100 senior executives attended the forum.


Pointing to the cyberattack on American retail store Target in 2013, he said personal details of 45 million credit and debit cards were stolen.  Target had to pay US$10 million to settle the class-action lawsuit as well as US$10,000 each to those who were defrauded because their stolen information was used for unauthorised purchases.Consequently, Target’s CEO Gregg Steinhafel had to step down following this massive data loss.


Singapore companies and CEOs should learn from this lesson, he said, as they may face similar consequences if their organisations came under a cyber attack.  

He also warned that the nature of cyber security threats are not regional but international. He said, “It doesn’t matter if you’re the best at protecting your organisations and assets in Singapore or in the region. It’s not relevant. Cyber security is an international Olympic sport and Singapore businesses just have to be the best in the world to win a gold in cyber security defence.”

The breakfast talk was Mr Koh’s first industry event in Singapore since his appointment as CSA Chief Executive earlier this year. The agency is four months old and has about 100 employees. Reporting to the Prime Minister’s Office, CSA is the national body providing dedicated and centralised oversight of Singapore’s cyber security functions.  It’s priorities are to strengthen the cyber security posture of critical sectors, such as transport, banking and energy, industry development as well as education and outreach to various stakeholders to build a robust cyber security eco-system.


Giving his report card on the state of cyber security in the private sector, he said the level of awareness is still low. He quoted research findings which showed that while Singapore has high internet usage and broadband penetration, the usage of security tools, even basic ones like anti-virus software and firewalls, are not high.

He stressed that businesses must understand that security is an enabler that will allow them to leverage on the benefits that technology brings and not be merely viewed as a cost driver.


His advice for companies is to set aside a dedicated budget for cyber security. As an example, he said some governments have mandated that public sector agencies spend between eight and 10 per cent of their IT budgets on cyber security.


“This is a reference point and board members can use it to ask of their CEOs when it comes to security budgets.”


Cyber security awareness must also be raised among employees. A resource that Mr Koh recommended is the website.  This is a local website where employees and small and medium-sized enterprises as well as other Internet users can learn about cyber security dos and don’ts including, social networking safety tips and  types of common cyber threats..


This website is set up in 2008 to create greater awareness of cyber security and to promote the adoption of cyber security practices amongst users. The website is supported by the Cyber Security Awareness Alliance. CSA will be the new co-chair of the Alliance, together with SiTF.


Highlighting the shortage of cyber security professionals, Mr Koh said that the Government is working with tertiary institutions to train more cyber security professionals.


He stressed that current IT and cyber security professionals must also upgrade themselves as the security threat landscape and technologies evolves rapidly.


To  better deal with the cyber security threats, the Government’s strategy is to collaborate with the private sector including local and foreign security companies. Plans are also underway to roll out community and industry engagement to create cyber security awareness among people.


The CSA will also organise GovWare 2015, a technology showcase and conference on cyber security for the public sector. This will be held on Oct 6 to Oct 8 this year.


Mr Benjamin Mah, chief executive of mobile security start-up V-Key who attended the breakfast meeting, said that the CSA is a great initiative that strengthens Singapore’s trust brand and positioning to be a trusted e-government, smart nation and fintech hub.


“Everyone is online and everyone is vulnerable. I’m glad Singapore has recognised this and is taking firm action towards cyber security,” said Mr Mah.