New Licensing Requirements for Cyber-Security Service Providers in Singapore

October 2021

The Cyber Security Agency of Singapore (CSA) has announced that cyber-security service providers will have to be licensed by early 2022 to continue operations. As these providers help to verify if businesses are vulnerable to hacking and monitor information technology systems for suspicious activities, licensing will give greater assurance of safety to customers and raise the quality of the providers.

This move comes after a mid-year report from CSA found that cyber threats in Singapore have risen. For example, the number of internet-connected devices infected with malware, also known as “zombie” devices, which can be controlled by hackers to launch cyber-attacks, has tripled here amid the Covid-19 pandemic. An average of 6,600 malware-laced devices, also called botnet drones, were observed in Singapore on a daily basis in 2020, a big jump from 2,300 in 2019.

For a start, CSA will license only two types of service providers, namely those providing penetration testing and managed security operations center monitoring services. These two services are prioritized because service providers performing such services can have significant access to their clients’ computer systems and sensitive information. In the event that the service is abused, the client’s operations could be disrupted. In addition, these services are already widely available and adopted in the market, and hence have the potential to cause a significant impact on the overall cybersecurity landscape.

All providers of the licensable cybersecurity services, regardless of whether they are companies or individuals directly engaged for such services or third-party vendors that support these companies, will need to be licensed. The license, new or renewed, would be valid for 2 years and cost SGD 1,000 (USD 741) for business entities and SGD 500 (USD 371) for individuals, such as freelancers or sole proprietorships. However, licenses can also be revoked or suspended, and errant companies or individuals can be fined up to SGD 10,000 (USD 7,416) for each failure to comply, up to a maximum of SGD 50,000 (USD 37,081).

(Sources: Cyber Security Agency of Singapore; The Straits Times)
