The Cyber Security Agency of Singapore (CSA) will introduce a programme to create cybersecurity health plans with funding assistance for small-to-medium businesses (SMEs). The plan entails cybersecurity consultants serving as the “Chief Information Security Officers” (CISO) for the SMEs, like offering a CISO-as-a-Service (CISOaaS) to SMEs with difficulty employing cybersecurity staff due to a lack of manpower.
Through undergoing cyber health “checkups” and creating cybersecurity health plans, CSA hopes to inspire SMEs to strengthen their cyber defences and strive towards achieving national cybersecurity certifications like the CSA Cyber Essentials mark.
Tan Kiat How, Senior Minister of State for the Ministries of Communications and Information (MCI) and National Development, made the announcement during the most recent MCI Committee of Supply Discussion.
The scheme aims to alleviate some of the most common obstacles faced by SMEs when implementing cybersecurity measures, such as a) a lack of in-house cybersecurity personnel to address cybersecurity risks; b) a plethora of cybersecurity solutions and providers on the market, making it difficult for SMEs to decide what to implement first; and c) rising business costs.
For the first year, the CSA will give funding assistance to SMEs by co-paying up to 70% of their cybersecurity consulting fees. The scope of services will be pre-defined, with an emphasis on the basic requirements for achieving the Cyber Essentials mark, thereby providing SMEs’ partners and customers with greater assurance as they digitalise.
The scope of services encompasses assisting SMEs in securing digital assets, protecting systems from viruses and malware, enhancing employee cybersecurity knowledge, and responding to cybersecurity crises.
CSA will assist SMEs in mitigating the risk associated with employing vendors by providing a list of approved cybersecurity experts. CSA evaluates onboarded consultants based on their capacity, capability, and cost-effectiveness. In addition, Businesses will be able to compare the services of many consultants and select the one that best addresses their needs and concerns. The selected consultant will then assess the SME’s cybersecurity posture and develop a plan for the business.
The initiative is anticipated to commence in May 2023. On the CSA’s website, additional information regarding the qualifying requirements and the application process will be made available over time.
A Director of a law firm remarked that obtaining the Cyber Essentials certification was a worthwhile endeavour. They recognised the need of securing the home network, so they hired a specialist to install the necessary precautions. In addition, they have enhanced the processes by providing dedicated work computers that are not used for personal activities. Since everyone is now digitally connected, they have also advocated for the government to incentivise SMEs to strengthen their cybersecurity. Also, cyber essentials certification has made the company’s data safer and its clientele more confident.
CSA’s Cybersecurity Strategic Leadership Programme (CSLP) under the SG Cyber Leaders programme trains locals for cybersecurity leadership roles. The initial CSLP graduated from SMU early this year.
The CSA believes that the cybersecurity workforce must be strengthened as the economy digitalises and cyber threats rise in scope and sophistication. Skilled cyber leaders are needed to train the next generation of cyber talent for organisational cybersecurity responsibilities. Hence, Singapore needs a strong local cybersecurity leadership core to become an APAC cybersecurity powerhouse.
The CSLP will be held once a year, and its goal is to help current and future cybersecurity leaders gain a deep understanding of the global key drivers that shape cybersecurity strategies, foster a culture of innovation, and lead the cybersecurity functions in their organisations well.
