The Singapore Parliament passed the Cybersecurity (Amendment) Bill (the Bill) on 7 May 2024, amending the Cybersecurity Act 2018 (the Act). The Act is Singapore’s legal framework for the supervision and maintenance of national cybersecurity by the Cyber Security Agency of Singapore (CSA), setting out measures to prevent, manage and respond to cybersecurity threats and incidents, and the Bill seeks to extend the scope of the Act over new technologies and business models that have emerged over the past few years.

In this PodChats for FutureCISO, Gaurav Keerthi, head of Advisory and Emerging Business at Ensign InfoSecurity, shares his views on what the amendment bill means to organizations in Singapore, and perhaps to those that operate in the ASEAN region.

1. Can you give us a background of the CSA-proposed Cybersecurity Amendment Bill? What are the main regulatory changes proposed and new requirements?

2. What will be the projected effects (both positive and negative) of this new law on Singapore enterprises? [Singapore CCOP]

3. Outside of the banking and financial services industry who follow stringent cybersecurity regulations, what kind of enterprises (type of businesses) will be most affected by such regulatory changes?

4. Speaking of compliance, what steps can enterprises take to comply with new requirements and regulations? To what extent will the amendments require changes in how organisations currently cybersecurity practices?

5. Singapore has led the ASEAN region when it comes to cybersecurity readiness. How do you see these developments in Singapore influencing other regulators in ASEAN?

6. Finally, what is your advice for CISOs and CIOs as it relates to processing cybersecurity regulations in the years to come?