Singapore’s Cybersecurity Market on steep growth trajectory

Singapore’s cybersecurity market appears to grow at a CAGR of 15% in 2021 and is likely to reach $889 million by the end of 2022.  In a post-covid and digitally disrupted world, Singapore is subject to increased online activities and interconnectivity as the rest of the world. This means there is an urgent need to mitigate digital risks and nurture cyber security resilience to tame another virus spreading across the digital world.

  • Definition / Scope
  • Market Overview
  • Key Metrics
  • Top Market Opportunities
  • Market Drivers
  • Market Restraints
  • Industry Challenges
  • Technology Trends
  • Other Key Market Trends
  • Market Size and Forecast
  • Market Outlook
  • Technology Roadmap
  • Competitive Landscape
  • Key Market Players
  • Strategic Conclusion
  • References
  • Appendix

Definition / Scope

Cybersecurity is the protection of internet connected systems, including hardware, software and data from cyber attacks. Cybersecurity is the need of the hour as of the rising cyber security complexity and proliferation of IoT, mobile networks and cloud-based channels, growing peer-to-peer transactions necessitating users to disclose personal identity as well as increasing adoption of emerging technologies such as robotics, artificial intelligence and quantum computing. McAfee, a cyber security firm projects that cyber crimes costs annual $450 billion to the global economy.

With digitization and connectivity becoming the norm of the 21st century, people and companies alike are exposed to the increasing risk of cyber threats such as:

  • Malware is an all-encompassing term for a variety of cyber threats including Trojans viruses and bombs. Malware is simply defined as code with malicious intent that typically steals data or destroy something on computer.
  • Phishing often pose as a request for data from a trusted third party phishing attacks are sent via email and asked users to click on a link and enter the personal data.
  • Password attacks refers to an act where a third party try to gain access to user’s system by cracking the user’s password.
  • DDoS stands for Distributed Denial of Service Ad or staff focuses on disrupting the service of a network. Attackers send high volumes of data or traffic through the network until the network becomes overloaded and can longer function.
  • By impersonating the endpoint in an online information exchange that is the connection from smartphone to a website the Man in the middle attacks(MITM) attacks can obtain information from the end users and entity the users are communicating with.  The MITM will receive all the information transferred between both parties which could include sensitive data bank accounts and personal information.
  • In case of drive-by downloads, through malware on a legitimate website, a program is downloaded to a user’s system just by visiting the site it does not require any type of action by the user to download it.
  • Maladvertising is a way to compromise your computer with malicious code that is downloaded to the system when you click an affected advertisements.
  • Rogue software is basically malware that are masquerading as legitimate and necessary security software that will keep the system safe

Driven by Singapore’s Smart Nation initiative, increasing adoption of digital assets and its reputation as a leading financial and investment hub, Cybersecurity is posed as a significant market for Singapore over the years. 

Market Overview

In 2020, the global cybersecurity market was worth $173 billion and is estimated to grow to $270 billion by 2026. Cyber Security market is estimated to be $100 billion in 2017 and to grow to US$173 billion in 2022 at a CAGR of 11.6%. The Asia Pacific Cyber Security market is expected to outperform the global market, as of the rising demand for data safety and cybersecurity management. The market is expected to expand from a $20 billion in 2017 to $40 billion in 2022 at a CAGR of 14.6%.

The Cyber Security market in Singapore is expected to grow at a 15% CAGR and value at $889 million by 2022.  The service-based cyber security market holds 70% market share and is the largest segment. Beyond 2022, Singapore’s Cyber Security market growth is likely to mature and slow down, However, from 2022-2030, it is still expected to grow at 10% -13% CAGR and the market size is projected to be worth $2.4 billion by the end of 2030.

Cyber security is a national priority in Singapore which is led by Cybersecurity Agency and supported by multiple government agencies.

CSA SingaporeIt is a central agency that coordinates and oversees the country’s cybersecurity strategy and ecosystem development.
Digital Industry Singapore DISG – Infocomm Media Development AuthorityIt helps to build cybersecurity capabilities and support companies to grow in Asia and beyond.
Monetary Authority of Singapore (MAS) | E-SPIN GroupIt is the central bank of Singapore which issues legal instruments for the regulation of financial sectors in the areas of cybersecurity.
National Research Foundation Salaries in Singapore | GlassdoorIt sets the national direction for cybersecurity R&D through policies, strategies and funding of strategic cybersecurity initiatives.

Key Market Metrics

Base Year2020
Market StageGrowth
Market Revenues (2022, USD)$889 million
Market Growth Rate (2021, %)15%
Number of Companies in the marketOver 400 companies
Market Concentration (% of market share help by top 3 market players)

Top Market Opportunities

Regional market

The market for cyber security services in ASEAN is projected to reach $5.6 billion by 2025. Wherein the Singaporean cyber security market alone is estimated to be $700 million by 2020. ASEAN region appears to be keen on embracing digital economy. According to A.T. Kearney, ASEAN countries such as Indonesia and Malaysia are the hotspots for malware attacks. As a regional member, Singapore could ensure cyber security trust of 625 million people living in the region. Additionally, Singapore has regional cyber security support center to assist counties navigating through digital attacks. Singapore is foraging into partnerships with experienced organization such as Interpol in a bid to homogenize cyber security policy across the globe. Apart from this, Singapore participates in annual ASEAN cyber security initiatives including:

  • CERT Incident Drill (ACID)
  • Network Security Action Council (ANSAC)
  • Regional Forum (ARF)

Trusted and competent country in cyber security

Singapore topped the list in the UN Global Cybersecurity Index conducted worldwide, for its continued commitment to cyber security. Singapore government aims to attract established cyber security companies all over the world. For instance, the country is already home to major players such as BAE Systems, Microsoft and Palo Alto Networks. In 2020, an attack on the Singapore Ministry of Defence threaten Singapore’s national security and was the crux for Singapore to further bolster its commitment to cyber security.

With its reputation, Singapore could cater to major economies of Asia. In 2020, the cybersecurity market size reached $10.6 billion of major economies in the Asia Pacific region including Australia, Hong Kong, China, Thailand, Malaysia, and Indonesia. Out of which $4.7 billion was driven by growth in MSS, IAM and consulting services. Moreover, the Middle East could be a prospective export region.

Partner with countries and participate in regional exchanges

Singapore hosts many international on cyber security norms which channels expertise and investment from across the globe. Some of which include:

  • UNIDIR-CSIS Workshop on preserving and enhancing international cyber stability
  • US-SG TCTP Workshop for ASEAN countries
  • Collaboration with Netherlands on The Hague Process: International Law Applicable to Cyber Operations
  • Singapore has inked a Memoranda of understanding on cooperation in cybersecurity with countries including: Germany, Australia, France, India, Japan, the Netherlands, United Kingdom and the United States. The areas of cooperation include, regular information exchanges on cybersecurity incidents and threats, sharing of best practices, training in cyber security, promoting voluntary norms of responsible state behavior, collaboration on regional cyber capacity building and confidence building measures.
  • Singapore hosted 2016-2018 ASEAN Cyber Capacity Development Project in collaboration with Japan and INTERPOL. Similarly, Singapore hosted Third Country Training Programme with the US. Also, Singapore continues to host ASEAN Plus Three Cybercrime Workshop in joint alliance with China, Japan and Korean. Singapore also partners with Asia Pacific Computer Emergency Response Tea (APCERT) for cyber incident reporting.

Other areas of opportunities

Market Drivers

R&D spending on cybersecurity capabilities

In 2020, the Singapore government announced that it would invest $750 billion in the course of three years to strengthen its cyber and data security capabilities, to protect data and critical information infrastructure (CII) systems.

Similarly, to foster cyber security capabilities, the Singaporean Government has devoted $190 million to the National Cyber Security R&D Program (NCR). The aim of NCR is to connect government agencies, academia, research institutes and industry on cyber security research and collaboration. Under NCR Singapore has already awarded 13 cyber security projects in forensics and security systems. In addition, the NCR has dedicated $8 million to help fund the National Cyber Security R&D Laboratory located at the National University of Singapore.

Surge in cyber attacks

For the past five years, Singapore has witnessed a series of cyber attacks such as breaches of SingHealth, Sephora, AXA Insurance, Uber and Red Cross, alongside the leaking of Singapore HIV data and security scares at the Ministry of Defence and Singapore Armed Forces. Across Asia pacific, Singapore holds the highest average security breach cost of nearly $1.7 million per breach.

Support cyber security start-ups

The government of Singapore continues to collaborate with venture capitalists and accelerators to provide funds to support the start-ups that have potential to expand the country’s cyber security offering. Under the direction of Singaporean government, CSA has partnered with local cyber security companies to build cyber security talent and capabilities. For instance, CSA and Infocomm Media Development Authority (IMDA) supported SingTel innov8 and NUS enterprise to build the country’s first cyber security start-up incubation hub.

Adoption of digital technologies

Technology is both a blessing and a curse for cybersecurity industry. On the one hand, tools such as Machine learning and Blockchain could help mitigate cyber security risks other while on the other hand, same technology is used in criminal offences in cyber space. 84% of the Singaporeans are active internet users and 72% are active mobile users in the country. They tend to spend an average time of 12 hours per week online which is risking sensitive data through cyber attacks.  With mobile applications and bring your own devices (BYOD) trends, endpoint segment is shifting to mobile protection. Singapore considers cyber security as a key enabler in its drive to become a Smart nation broadening the risk of cyber attacks.

Market Restraints

Lack of investment in cybersecurity

Cyber security investment in ASEAN region was $2.59 billion in 2018, which comprise only 0.06% of regional gross domestic product (GDP). As per a report by Deloitte, there is low investment on IT security management amongst the ASEAN countries. These nations are likely to spend 48% less on information security system compared to developed nations. Regardless of the fact that Singapore’s cybersecurity spend per capita was $103 in 2019 which is higher than other Asia Pacific economies such as Korea, Malaysia and Indonesia, the country contributes only 2.4% of its IT budget to cybersecurity which is lower than its Asia Pacific contemporaries such as Australia, Malaysia and Korea.

Compliance obligations

Regulatory compliance obligation continues to grow in 2021 especially in matters such as data privacy. Although many economies in Asia-pacific are adopting omnibus privacy legislation however there is lack of harmonization and commonality of the same legal concepts between the nations in the region. also, companies across the nation view data protection law as mere checkbox compliance showing little concern in relation to data protection.

Industry Challenges

New usages lead to new cybersecurity needs

AI is used in cyber attack as well as in cyber threat defense. AI based systems is used to spread misinformation and campaigns by nation-state hackers by weaponizing social networks and instant messaging apps to influence the sentiment of the population that fuels civil disorders. There are over 4.6 million Singaporeans translating to 79% of the total population who are active social media users in the country. As per a survey by Akamai, Singapore was placed 8th amongst a total of 130 countries in terms of the frequency of credential stuffing attacks on its media websites.

The threat landscape is constantly changing and becoming increasingly sophisticated. With cyber adversaries continuously evolving their tools, techniques and tactics. Adding on to the strain, majority of the Singaporean companies’ security and IT capabilities are at nascent stage with limited or minimal visibility of the fast evolving cyber threat landscape. This lack of clarity often impacts businesses ability to prioritize their cyber security decision making. In this regard, AI is increasingly being adopted in the cybersecurity industry for digital-twin solutions.

High cost of data breach

In terms of financial implications, Singapore has the highest average cost of cyber security attack across Asia Pacific. Compared to its regional counterparts, companies in Singapore are most probable to go through digital transformation and in this regard they are investing heavily in cloud, security and internet of things.

Talent shortage

In 2020, According to the Cyber Security Agency of Singapore (CSA), Singapore has an estimated talent gap of up to 3,400 cybersecurity professionals. As cyber threats become more sophisticated bringing severe consequences, cybersecurity professionals need to constantly upgrade their skills to remain relevant. As cyber security roles require deep technical skills it is much more challenging to fill up those roles.

In this regard, Singapore has introduced cybersecurity scholarships programs under National Infocomm Scholarship Programme in collaboration with industry partners. Also, the country has Cyber Security Associates and Technologists (CSAT) as well as Cyber Security Agency Academy Programme which offer training for professionals in fields such as ICT and engineering to help them prepare for cyber security roles.

Technology Trends

Regulatory Trends

Strong regulatory framework

Singapore boasts high regulatory standards, rule of law and enforcement of intellectual property rights. Some of the acts and regulations related to cybersecurity are explained below:

The cybersecurity Act, 2018 requires close monitoring of Critical Information Infrastructures (CIIs) through government support by appointing a Cybersecurity commissioner to promote codes of conduct for CIIs. Likewise, Personal Data Protection Act 2012, necessitates data protection by preventing unauthorized access, collection, use, disclosure, modification, disposal of such risks. The Computer Misuse Act, protects against offences and computer vulnerabilities such as unauthorized access to a computer system.

Similarly, other act such as Copyright Act shields against copyright infringement and Strategic Goods Act limits the transfer and brokering of strategic goods technology including information security systems, equipment and components.

Recent developments in cybersecurity regulations in Singapore:

  • In 2013, info-communications Media Development Authority of Singapore (IMDA) under the guidance of National Infocomm Security Committee, launched a five-year National Cyber Security Masterplan to foster Singapore’s cyber environment.
  • In 2015, Singapore Cyber Security Agency (CSA) was developed as a national strategy to handle the cyber threats in 11 critical sectors including power, transport, telecommunications, airports and banking. CSA along with the National Cybersecurity R&D Programme has contributed around $150 million from 2013 to 2020 to sustain its R&D facilities and talent development initiatives. Based on milestone fund disbursement, CSA also provides funding up to a maximum of around $3,75,000 for up to 12 months.
  • In 2016, Singaporean government, spearheaded by CSA, released a National Cyber Security Strategy that focused on coordinated actions and the facilitation of international partnerships to forge its security industry in global market. Likewise, Singapore’s Ministry of Defense has also established the Defense Cyber Organization (DCO) to defend Singapore Armed Forces’ (SAF) networks against cyber attacks.

Other Key Market Trends

Ransomware attacks on the rise

Many companies from healthcare to IT companies are prone to cyber attacks. In 2020, on average ransomware attacks were much more expensive than the data breach, costing $4.44 million. Considering this, the Singapore Computer Emergency Response Team warned against the increasing cyber threat caused by the pandemic. In the same year 2020, Hammermith Medicines Research had to compromise its sensitive medical records of more than 2300 patient’s information through ransomware attacks.

State-sponsored hacking

In 2021, it is estimated that there will be a significant increase in cyber espionage campaigns carried out by state-sponsored hackers. State-sponsored attackers aim at gathering intelligence on strategic Intellectual Property, which can give their governments a technological and economical advantage in the post COVID-19 world. Advanced Persistent Threat groups (APT) linked to Russia, China, Iran, and North Korea have the ability to perform malicious operations against countries worldwide especially in countries like the US, Europe, and Middle East due to the escalating tensions between the nations. In 2019, Singapore had to go through its ever cyber attack executed by a state-sponsored espionage group called Whitefly that accessed medical records of Singaporean Prime Minister along with 1.5 million patients.

Market Size and Forecast

The cyber security market in APAC region is expected to grow at CAGR of 20% within the 2019-2025 forecast period and 60% market share is seized by Security services segment in the region.

The global cybersecurity market has grown steadily over the years and is estimated to be worth $202 billion by the end of 2021. According to IMDA, the Cyber Security market in Singapore is projected to be $889 million in 2022 with a CAGR of 15%. From 2022-2030, the market is further expected to grow at CAGR 12%, attaining $2.4 billion market size by the end of 2030.

The global cybersecurity spending will steadily increase over the years and reach $187 billion by the end of 2021. This is because of the shift to remote work during the COVID-19 pandemic which has increased the chances of a cyber-breach. Singapore’s cyber security spending is projected to outperform global growth trend. Singapore is expected to invest $1 billion to build cyber and security capabilities during the forecast period of 2021-2023.

Singapore’s economy post Covid

Since the Covid-19 show no sign of subsiding anytime soon, the pandemic has accelerated the adoption of technology such as e-commerce, financial technology, video conferencing, telemedicine and online education. With this trend as a way of life there are increasing instances of cyber attacks across the world. Singapore is facing its biggest economic downturn in its history with 5.4% economic contraction. However, Singapore’s GDP is projected to progressively recover and expand by 4- 6% by the end of 2021. Singapore is a global data hub   linking 17 active submarine cable systems expediting flow of data from east to west and is home to fourth largest internet data centres across APAC. Therefore, the country is prone to sophisticated attacks.

In a post Covid world, cyber security together with AI and 5G will drive the country’s digital economy. In the seventh Research, Innovation and Enterprise (RIE) plan, AI-enabled cyber security was posted as the backbone of its digital transformation ambition. The average cost of a cybersecurity attack in Singapore stands at $1.2 million per breach. In view of this fact, Singapore is escalating its cyber security investment to $719 million by 2023 to enhance government’s cyber and data security capabilities.

Market Outlook

The future outlook of cyber security market

  • In 2023, spending on cloud security tools is likely to escalate from $5.6 billion in 2018 to $12.6 billion.
  • In 2023, spending on cloud security solutions is estimated to be $1.63 billion rising from $636 million in 2020 at a 26.5% CAGR.  
  • In 2023, spending on Infrastructure Protection is estimated to surge from $18.3 billion in 2020 to $24.6 billion, at a 7.68% CAGR.
  • By 2020, global IT security spending is likely to reach $128 billion, out of which the endpoint security tools comprise 24% of the total IT security spending.
  • According to IDC, 70% of all breaches appears to originate at endpoints, regardless of the increased IT spending on this threat surface.

Post Covid cybersecurity risks

Pre Covid companies confronted their security issues with on premise solutions whereas post Covid, cyber security players have to reconfigure their security strategies to protect corporate data, reinforce cyber hygiene and surveillance in the entire system. According to a recent Singapore Cyber landscape report by Cyber Security Agency of Singapore, in 2019, cyber crime accounted for 26.8% of the overall crime in Singapore with almost 10000 reported cases. For instance, in 2018, attackers hacked Sing Health’s health records and stole personal data of 1.5 million patients and outpatient records of 160,000 people including the medical records of Prime Minister Lee Hsien Loong. In light of this fact, the Centre for Quantum Technologies at the National University of Singapore is working with ST Engineering to develop new cyber-security tools which produce advanced encryption codes that are unbreakable.

Cybercrime is considered as the top three threat across seven different industries across Asia pacific. Amongst them most significant danger of cyber attack is in technology, media and telecommunications (20%), government and public sectors (17%) and healthcare (16%).

The industries most prone to cyber attacks such as healthcare, banking and financial services, technology, media and telecommunications as well as Public and social sectors are likely to have moderate to high cybersecurity spending. Whereas, consumer and retail. Advanced industries, energy and materials and travel, transport and leisure will have overall decrease in cybersecurity spending.

identity and access management, messaging security, managed security services and security and vulnerability management. Whereas, there will be no change in spending patterns across web security, data protection and governance and compliance.

The healthcare industry has been at the front and centre of the Covid crisis. This has resulted in the widespread adoption of telemedicine and virtual consultations thus make this industry highly prone to cyber attacks. This has induced increase in cybersecurity investment and spending in this sector. Also, covid 19 crisis has compelled customers to shop online leading retailers to increase spending in security for digital-payment platforms. The cyber security spending appears to rebound faster at large enterprises compared to small and medium enterprises.

Technology Roadmap

Remote work

Covid-19 has compelled people to work from home making them vulnerable to cyber threats. As per PWC research, there have been 47% increase in phishing scam with the advent of work from home culture. Cyber-attackers are capitalizing on people’s interest in coronavirus-related news by introducing malicious fake coronavirus related websites. Over 600,000 personal data constituting financial information were leaked online through ransomware attacks through covid related information in January 2021. This includes the data of 98,000 Ministry of Defence staff and Singapore Armed Forces servicemen.

Adoption of Multi-factor Authentication

Companies are incorporating Multi-Factor Authentication (MFA) to legacy systems and are rapidly switching to cloud platforms as of the Covid-19 restrictions. In this regard, companies are prioritizing privileged access and identity governance solutions with advanced security analytics. For instance, at the end of 2020, SingPass introduced face verification and multi-user SMS Two-Factor authentication when transacting with government digital services more securely.

Security for trusted third parties

Covid-19 has disclosed many technical gaps in cybersecurity measures. In case of shared network access there is a need for increased monitoring tools such as click-of-a-button security-rating tools, security-risk assessments, and security-reporting instruments. As per a report by EY, 55% of the security leaders in Singapore consider outsourcing security operations post Covid-19.

Ecommerce security

There is also increase in e-commerce security spending particularly from in-house systems to outsourced services. In 2021, there are currently 3.3 million active ecommerce users in the Singapore and the expected market revenue in the ecommerce market will reach $2.79 million by the end of the year.

Competitive Landscape

Key Market Players

Cyber Security PlayersRevenueSecurity Services
Palo Alto Networks$3.4 billionHeadquartered in California and established in 2005, this company, this company  primarily offers firewalls, network security control centers and cloud services.
Acronis Asia$2.5 billionFounded in Switzerland in 2003 with headquarter in Singapore, the company offers cloud solutions and mobility software for data protection. It specializes in backup software, disaster recovery, and storage management services.
Fortinet Singapore $2.15 billionFounded in California in 2000, it offers network and computer security, consulting services including anti-virus programs, intrusion prevention, network access control and web application firewalls. It is renowned for its unified threat management (UTM) and next-gen firewalls (NGFW).
Trend Micro$1.7 billionStarted in 1988 with headquarter in Tokyo, it offers different security software solutions for threat intelligence network. It is a key player in endpoint, cloud and server security services.
FireEye Singapore $940 millionInstituted in 2004 and headquartered in California, the company offers network, endpoint, email, managed and cloud also offers Mandiant Consulting and managed detection and response (MDR) services to assist clients analyze security risks, investigate cybersecurity attacks and protect against malicious software.
ESET Asia$613 millionEstablished  in 1992, with headquarters in the Slovak Republic, it offers internet and cybersecurity packages for individuals, and security, authentication, threat analysis and remote management products for businesses.
Netpoleon Solutions$80 millionFounded in 2000 and headquartered in Singapore it provides customized cybersecurity solutions for businesses ranging from installation to implementation. It also offers post-sales support services and training for its clients.
HorangiTotal funding $23 millionBased in Singapore and started in 2016, it provides cloud security services including penetration testing, offensive services and security assessment and most notably Cloud Security Posture Management (CSPM) solution.

Strategic Conclusion

From data breaches to stealing data, when cyber attack hits, companies compromise business trust. The businesses need to recognize the digital trust is the new currency of the new normal to survive thrive and gain competitive edge.  In 2020, phishing and hacking of stolen credentials were the top two methods of breaching security with the advent of remote work culture. So, a more proactive model such as zero trust model built with austere identity verification system should ensure governance and cyber hygiene.

In this regard, Singapore needs to revise their cybersecurity model by strengthening its position as a cyber security hub by developing talent, establishing cyber security infrastructure, enhancing research capabilities and encouraging industry collaboration.




AIArtificial Intelligence
APIApplication Programming Interface
APTAdvanced Persistent Threat
ASEANAssociation of Southeast Asian Nations
BYODBring Your Own Device
CIIsCritical Information Infrastructures
CSACyber Security Agency
CSATCyber Security Associates and Technologists
CAGRCompound Annual Growth Rate
COPECorporate Owned Personally Enabled’
DDoSDistributed Denial of Service
GDPGross Domestic Product
IMDAInfocomm Media Development Authority
INTERPOLInternational Criminal Police Organization
IoTInternet of Things
ICTInformation and Communication Technology
ITInformation Technology
MFAMulti-factor Authentication
NCRNational Cyber Security
R&DResearch and Development
SAASSoftware as a service
SMEsSmall and Medium Enterprises
ST EngineeringSingapore Technology Engineering
UNIDIR-CSISUN Institute for Disarmament Research (UNIDIR) and the Center for Strategic and International Studies
US-SG TCTPUnited States-Singapore Third Country Training Program

Leave a Reply

Next Post

Construction Industry in The Philippines

Wed Jul 28 , 2021
Construction Industry in Philippines is valued at USD 20.05 billion in year 2020 and is expected to reach USD 54.12 billion by the end of the year 2026. It is expected to grow at a CAGR of 18.2% because of rising number of construction projects, increasing demand for green construction […]