The Singapore Government announced in 2016 that a new Cybersecurity Act will be tabled in Parliament this year. Following this, Singapore Prime Minister Lee Hsien Loong announced that the country will embark on a new cybersecurity strategy to strengthen Singapore's cyber environment and combat the growing threat of cybercrime. Shortly after, the Minister for Communications and Information, Mr Yaacob Ibrahim, provided a further peek into the impending legislation.
Yesterday, the Minister provided yet another glimpse into the impending cybersecurity law.
In an interview with the media, the Minister highlighted that a key focus of his Ministry this year would be the passage of the new Cybersecurity Act. The new cybersecurity law will grant the Government powers to audit the business sectors and organisations to ensure that they have cyber-defence systems in place. The Act will also define the Government's powers in dealing with matters such as large-scale cyber attacks and detail how the Government will work with businesses to handle such challenges.
Previously, the Minister had indicated that the new Act would implement standards for incident reporting, audits and risk assessments, facilitate the sharing of cybersecurity information, and mandate the participation of critical information infrastructure operators in cybersecurity exercises.
In this regard, it is unsurprising that the new Act will further delineate the Government's powers in relation to countering cybersecurity threats, although the extent of these powers remains an open question.
At present, under section 15A of the Computer Misuse and Cybersecurity Act, the Minister may, at his discretion, require the reporting of a breach or attempted breach of cybersecurity in relation to critical information infrastructure operators.
It will be interesting to see if the new Cybersecurity Act will introduce mandatory reporting obligations and if so, whether these obligations will extend beyond critical information infrastructure operators to all business sectors.
With the growing incidence and complexity of cybersecurity attacks in Singapore, it is critically important for businesses to be fully aware of their obligations under the law in the event of a breach. Companies should continue to be cognizant of the legal developments in this space and ensure that they comply with the new cybersecurity standards.