Parliament Sitting on 9 May 2022


36. Miss Cheng Li Hui: To ask the Minister for Communications and Information (a) whether the Government tracks the number of local companies which experienced cyber attacks over the past two years; (b) whether companies which have experienced cyber attacks are required to report to the authorities; and (c) what are the current measures to equip local companies with the capabilities to enhance cyber resilience and to deal with cyber attacks.


1. The Cybersecurity Act requires owners of computers or computer systems designated as Critical Information Infrastructure (CII) to report cybersecurity incidents1 related to CII to the Cyber Security Agency of Singapore (CSA). This enables CSA to monitor and safeguard the cybersecurity of CII, which are crucial to the continuous delivery of essential services. 

2. Beyond CII, CSA encourages all companies to report cybersecurity incidents to SingCERT at, even if the affected systems are not designated as CII. Doing so helps to augment CSA’s awareness of the latest threats, and allows us to alert other companies to minimise the risk of them falling victim to similar cyber attacks. 
3. In 2021, CSA received 1,238 reports of cybersecurity incidents from businesses, and other organisations. In the preceding year, CSA received 972 such reports. 

4. CII owners are required by the Cybersecurity Act to put in place measures to meet cybersecurity standards set by CSA.  This helps to safeguard CII against cyber attacks, and ensure their cyber resilience. For non-CII enterprises, in addition to SingCERT’s advisories and alerts, CSA launched the SG Cyber Safe Programme in 2021 to encourage and help companies strengthen their cybersecurity posture. As part of this programme, CSA recently rolled out a cybersecurity certification programme for enterprises – comprising the Cyber Essentials and Cyber Trust marks – to recognise enterprises that have implemented good cybersecurity practices. They are visible indicators for companies to differentiate themselves, and demonstrate that they have adopted the necessary cybersecurity measures to protect themselves and their customers. CSA has also developed cybersecurity toolkits for companies of various profiles to guide enterprise leaders and their employees on cybersecurity best practices. 

5. I encourage all companies to apply for the Cyber Essentials and Cyber Trust marks, and take advantage of the toolkits and resources available on CSA’s SG Cyber Safe website. 

1 The specific types of cyber incidents that CII owners are required to report to CSA are prescribed as part of the Cybersecurity (Critical Information Infrastructure) Regulations 2018.



Speech by Mr Tan Kiat How, Senior Minister of State, Ministry of Communications and Information, at the Official Opening of ShopBack’s New Office Space on 1 Jul 2022 Speeches Digital Readiness 01 Jul 22
Joint Announcement: U.S Department of Commerce and Singapore Ministry of Communication and Information Launch Partnership Program To Empower Women In Tech Press Releases Infocomm Media 28 Jun 22
Speech by Tan Kiat How, Senior Minister of State, Ministry of Communications and Information, at Official Launch of SG Translate Together Web Portal on 27 June 2022 Speeches Government Technology, Public Comms 27 Jun 22
Launch of SGTT Web Portal To Partner All Singaporeans And Improve Translation Standards In Singapore Press Releases Government Technology, Public Comms 27 Jun 22
Speech by Dr Janil Puthucheary, Senior Minister of State, Ministry of Communications and Information, at the Virtual Youth Cyber Exploration Programme Central Capture-The-Flag Competition Award Ceremony on 24 June 2022 Speeches Cyber Security 24 Jun 22
Opening Remarks by Mrs Josephine Teo, Minister of Communications and Information, at Graduation Ceremony and Launch of New Initiatives for ‘Upskill 2022’ , on 14 June 2022 Speeches Digital Readiness, Infocomm Media 14 Jun 22