The Cyber Security Agency of Singapore (CSA) will launch a scheme in May 2023 to develop cybersecurity health plans with funding support for small-medium enterprises (SMEs). The scheme will see cybersecurity consultants take on the role of the SMEs’ “Chief Information Security Officers” (CISO), akin to providing a CISO-as-a-Service (CISOaaS) to SMEs facing manpower constraints in hiring cybersecurity personnel.
CSA aims to encourage SMEs to improve their cyber defenses by going for cyber health “checkups” and developing cybersecurity health plans while working towards national cybersecurity certification, such as attaining CSA’s Cyber Essentials mark.
The scheme seeks to alleviate some common challenges SMEs face in implementing cybersecurity measures, such as:
- Lack of in-house cybersecurity staff to address cybersecurity risks
- A wide range of cybersecurity solutions and providers in the market making it challenging for SMEs to prioritize what to implement first
- Rising business costs
CSA will support SMEs by co-funding up to 70% of their costs for engaging cybersecurity consultancy services for the first year. The scope of services will be pre-defined, with an emphasis on baseline requirements to attain the Cyber Essentials mark, which in turn provides SMEs’ partners and clients with greater assurance as they digitalize. The scope of services includes helping SMEs secure digital assets, protect systems against viruses and malware, improve employees’ cybersecurity awareness and respond to cybersecurity incidents.
CSA will help SMEs mitigate the uncertainty of hiring vendors by having a list of onboarded cybersecurity consultants. Onboarded consultants are evaluated by CSA on their capacity and capability, as well as cost-effectiveness. SMEs will also be able to compare offerings from different consultants and decide which one best addresses their needs and concerns. The appointed consultant will then analyze the SME’s cybersecurity posture and tailor a cybersecurity plan for the company.