Search for:

The Singapore Government announced earlier this year that a new, standalone Cybersecurity Act will be tabled in Parliament in 2017. On 26 October 2016, the Minister for Communications and Information, Mr Yaacob Ibrahim, provided a further glimpse of the impending laws. The Minister was speaking at the Financial Times Cyber Security Summit Asia Pacific held in Singapore.

The new Cybersecurity Act will institute standards for incident reporting, audits and risk assessments. It will also facilitate the sharing of cybersecurity information, and mandate the participation of critical information infrastructure operators in cybersecurity exercises.

Importantly, the Government envisions that the new Act will complement the existing Computer Misuse and Cybersecurity Act, which will continue to govern cybercrime investigation.

The Minister also observed that businesses need to spend more on cybersecurity, to keep pace with increased digitisation. At present, the Government is the largest contributor of cybersecurity expenditure. It plans to further increase its cybersecurity spending to 8% of its information technology budget.

The Minister’s speech follows Singapore Prime Minister Lee Hsien Loong’s recent announcement that the country will embark on a new cybersecurity strategy, which seeks to construct a more robust cyber environment for Singapore.

The Government’s latest policy initiatives come in the wake of increased cybercrime in Singapore. Recently, local telecommunications provider Starhub suffered two broadband service outages that were the result of malicious distributed denial-of-service (DDoS) attacks on Starhub’s domain name servers (DNS). As a result, some customers temporarily faced intermittent broadband access.

In view of the growing threat of cybercrime, more companies in Singapore are looking to obtain cyber insurance coverage. Local insurance companies report a marked increase in enquiries on cyber insurance policies. Given the high financial and reputational costs of remedying cybersecurity breaches, this surge in demand comes as no surprise.

While the actual take-up rate of cyber insurance policies remains modest, it is likely that the adoption of such policies will become ubiquitous as companies strengthen their cybersecurity frameworks.

It will be interesting to see if the Government provides further information on the impending Cybersecurity Act, such as whether critical information infrastructure operators will be subject to mandatory reporting obligations, and the extent to which these obligations, if any, may extend across all business sectors.


Andy Leck is the managing principal of Baker McKenzie.Wong & Leow. Mr. Leck is recognised by the world’s leading industry and legal publications as a leader in his field. Asian Legal Business notes that he “always gives good, quick advice, [is] client-focused and has strong technical knowledge for his areas of practice”. Alongside his current role as managing principal, Mr. Leck has held several leadership positions in the Firm and externally as a leading IP practitioner. He currently serves on the International Trademark Association's Board of Directors and is a member of the Singapore Copyright Tribunal.


Ren Jun is an associate principal of Baker & McKenzie.Wong & Leow. Ren Jun extensively represents local and international intellectual property-intensive clients in both contentious and non-contentious IP matters, such as anti-counterfeiting; civil and criminal litigation; commercial issues; regulatory clearance; and advertising laws. Ren Jun also advises on a wide range of issues relating to the healthcare industries. These include regulatory compliance in respect of drugs, medical devices, clinical trials, health supplements and cosmetics; product liability and recall; and anti-corruption. Ren Jun is currently a member of the Firm's Asia Pacific Healthcare ASEAN Economic Community; Product Liability and Regulatory Sub-Committees.