David Koh, Singapore’s first cybersecurity chief, retires on July 1

SINGAPORE – Singapore’s first cybersecurity chief is retiring on July 1, 2026, after 11 years of helming the Cyber Security Agency of Singapore, and 42 years in public service.

David Koh, 61, has served as the founding chief executive of CSA since April 2015. He has also concurrently been the Commissioner of Cybersecurity since 2018.

Replacing Koh is senior civil servant Gwenda Fong, 48, who was deputy secretary for digital society and development at the Ministry of Digital Development and Information (MDDI) from January 2023 to March 2026.

She brings over 20 years of public sector experience in technology, security and social policy.

Thanking Koh, Permanent Secretary (Digital Development and Information) at MDDI Chng Kai Fong said: “David has built CSA from the ground up and set Singapore on a strong footing in cybersecurity – from establishing our national frameworks and legislative foundations, to positioning Singapore as a trusted and respected voice in international cyber diplomacy.”

Chng added: “His dedication and visionary leadership have created a strong foundation for CSA’s continued success in the many years to come.”

Throughout his tenure at CSA, Koh spearheaded numerous initiatives that strengthened Singapore’s national cybersecurity framework.

This included the development of Singapore’s Cybersecurity Strategy in 2016. It is a blueprint for cybersecurity policy, covering the protection of critical infrastructure, cyber defence capabilities and workforce development.

A strategy update in 2021 include working with private sector firms to offer plug-and-play cybersecurity tools to consumers, and enhancing international cooperation.

Koh also oversaw the establishment of the Cybersecurity Act in 2018 to require operators of critical information infrastructure to meet cybersecurity standards and report serious cyber incidents. The law was amended in 2024 to also cover key digital services and third-party providers whose compromise could disrupt essential services.

He kept a tight watch over emerging technologies, having developed Singapore’s approach to artificial intelligence security and quantum threats in his capacity as MDDI Chief (Digital Security and Technology) from January 2022 to May 2026, and Chief Quantum Advisor from August 2025 to May 2026.

On the talent development front, Koh fronted many initiatives including CyberSG Talent, Innovation and Growth Collaboration Centre – which supports cybersecurity talent and start-up development - and the CyberSG R&D Programme Office, which drives cybersecurity research and commercialisation.

A crisis manager, Koh led Singapore out of 2018’s SingHealth breach, where hackers stole the personal data of 1.5 million patients, and 2025’s attack by UNC3886, a sophisticated cyber espionage group, on Singapore’s critical infrastructure.

Globally, Singapore became a leading voice in cybersecurity policy and governance under Koh’s leadership. He shaped Singapore’s international cyber engagement strategy, and paved the way for the country’s participation in the United Nations Group of Governmental Experts on ICT security from 2019 to 2021. Singapore also chaired the UN Open-Ended Working Group on cybersecurity from 2021 to 2025.

Koh launched the Singapore International Cyber Week in 2016, which has since grown into one of the region’s premier cybersecurity conferences, attracting senior policymakers, industry leaders and cybersecurity experts from around the world.

For his contributions, Koh was awarded The Public Administration Medal (Gold) in 2017 and The Public Administration Medal (Gold) (Bar) in 2025. The awards are among Singapore’s highest public service honours.

Fong, who was appointed chief executive designate on April 1, will officially be chief executive of CSA and the Commissioner of Cybersecurity on July 1.

Chng said: “I also welcome (Fong) to her new appointment and look forward to her contributions and leadership.”

In her previous role at MDDI, Fong oversaw Singapore’s development of an inclusive and safe digital society and led the review and development of the Digital Society Strategy, a foundational piece of work in support of Smart Nation 2.0. She led efforts to support trusted public service media, combat misinformation and other online harms, and develop and enforce legislation to keep the digital space safe. She also led the strategic planning and corporate development functions in MDDI.

Prior to that, Fong spent about a year in the Infocomm Media Development Authority in 2022 as Assistant Chief Executive (Strategy, Plans and Digital Readiness) where she led the strategy and research units and was responsible for developing and implementing programmes to drive digital access and adoption among Singaporeans.

She also previously served at CSA from 2017 to 2022, where she last held the role of Assistant Chief Executive (Policy and Corporate Development).

In this role, she was involved in the drafting and implementation of the Cybersecurity Act (2018), the refresh of Singapore’s Cybersecurity Strategy in 2021, and efforts to raise awareness of CSA’s work and strengthen Singapore’s reputation as a trusted voice on cybersecurity.

Fong has also held roles in the Ministry of Health, Ministry of Defence and the Defence Science & Technology Agency. She was awarded the Public Administration Medal (Silver) in 2025, a National Day Award conferred on public officers who have demonstrated commendable performance and made significant contributions in their fields.