Straitstimes.com header logo

Forum: Steps taken to raise cyber security standards

Sign up now: Get ST's newsletters delivered to your inbox

Follow topic:

We thank Mr Zulkifli Jalil for highlighting that cyber security must extend beyond an organisation’s own systems to include its vendors (

Hold vendors to same high cyber security standards, or they may become weakest link

, April 14), and agree with his views.

The Monetary Authority of Singapore (MAS) expects all financial institutions to put in place stringent controls to protect any customer information that they disclose to their third-party vendors.

These vendors would include printing agencies like Toppan Next Tech. Financial institutions are expected to regularly review and affirm that the controls of their vendors are adequate to safeguard the confidentiality of customer information.

Even with the appropriate controls, occasional breaches may still occur. Where there is an unauthorised disclosure of customer information by a vendor, the financial institution must act quickly to mitigate the impact to its customers.

This means preventing further loss of customer information, and communicating with customers promptly to advise them on what they need to do to prevent the information from being exploited.

The Cyber Security Agency of Singapore (CSA) advises all organisations to ensure that their third-party vendors with access to sensitive data have adequate cyber security measures to protect themselves against cyber attacks, help mitigate the impact, and facilitate recovery.

Organisations offering services as vendors should consider obtaining CSA’s Cyber Essentials or Cyber Trust marks. These are national cyber security standards that help organisations prioritise the measures to be implemented. These certifications signal an organisation’s commitment to robust cyber security practices, enhancing its reputation and trust among customers.

CSA is also assessing the possibility of requiring vendors to obtain CSA’s Cyber Essentials or Cyber Trust marks before they can be licensed, or bid for government contracts that will grant them access to sensitive data or systems.

Organisations can get help with implementing cyber security measures aligned to the Cyber Essentials mark from CSA’s Chief Information Security Officer-as-a-service scheme. CSA offers up to 70 per cent co-funding for eligible SMEs. 

CSA and sectoral agencies like MAS will continue to work closely with the industry to raise cyber security standards. All organisations, including vendors, should take a proactive approach to protect themselves and their customers from cyber threats.

Connie Lee
Director (Communications and Engagement)
Cyber Security Agency of Singapore

Lu Xinyi
Director (Corporate Communications)
Monetary Authority of Singapore

More on this topic
Forum: What readers are saying
See more on

E-paper

Newsletters

Podcasts

RSS Feed

About Us

Terms & Conditions

Privacy Policy

Need help? Reach us here.

Advertise with us

Download the app

Get unlimited access to exclusive stories and incisive insights from the ST newsroom
Subscribe Placeholder
MDDI (P) 046/10/2025. Published by SPH Media Limited, Co. Regn. No.202120748H. Copyright © 2025 SPH Media Limited. All rights reserved.