Why Singapore’s banks can’t sleep on cybersecurity

Singaporeans have high trust in their banks, according to the latest Banking Trust Index Survey conducted by the Association of Banks in Singapore.

The survey found that 74% of respondents held this sentiment, based on the resilience demonstrated by banks during the height of the pandemic, as well as their robust efforts to protect customers from scams and data breaches.

Despite the strong vote of confidence, banks cannot afford to be complacent as the pace of change in the banking, financial services, and insurance (BFSI) sectors is fast and relentless. The emergence of digitally savvy fintech players is a trend that BFSIs must stay ahead of.

Regardless of the technological or competitive landscape, the traditional banking values of trust, security, and resilience remain as important as ever – as outlined by IDC.

Prioritising data security and modernisation 

Strengthening trust, resilience, and security is a top priority for BFSIs, and many have adopted new digital business models while also investing in updated data-driven security, legacy modernisation, and personalised customer service platforms.

Investment in cybersecurity hardware, software, and services is expected to reach US$57.6 billion by 2026, representing a compound annual growth rate of 16.4% for the period 2021-2026. In the Asia-Pacific region, spending on security services surpassed US$31 billion in 2022 – a 15% increase from the previous year, according to the IDC’s most recent Worldwide Security Spending Guide.

Cloud platforms are also a focus for investment, serving as a bridge to modernise financial transaction workloads. More cloud projects are expected to come online as regulators gradually remove cloud-relevant regulatory hurdles.

Asia-Pacific banks are first-movers on this front, with 92% of regional banks surveyed in a recent IDC Financial Insights report sharing plans to increase cloud spending in the near future. Ninety-three percent of banks are expected to operate in hybrid and multi-cloud environments in 2023.

BFSI landscape in Singapore

In Singapore, many BFSIs will shape their security and infrastructure investment plans around the Monetary Authority of Singapore’s (MAS) Financial Services Industry Transformation Map (ITM) 2025 introduced last year.

Designed to cement Singapore’s reputation as a global financial services hub, the ITM aims to enhance asset class strengths, transforming financial infrastructure, accelerating Asia’s net-zero transition, shaping the future of financial networks, and fostering a skilled and adaptable workforce.

Digital transformation focus areas include developing bond market infrastructure to boost Singapore’s bond issuance/listing market reputation. Fund settlement utility – to centralise and speed up the subscription, redemption, workflow, and reconciliation of fund data flows – is another priority. Connecting SMEs across high-growth regions and enabling easier access to trade finance is the final digital goal of the ITM.

To ensure a secure, accessible, and level playing field for these digital projects and others, the Cyber Security Agency of Singapore has updated the Cybersecurity Code of Practice for critical information infrastructure. The MAS has also introduced stronger regulations in cyber hygiene and risk management for the banking sector.

Adopting technology to gain visibility

To thrive under these rules, Singapore BFSIs should adopt a zero-trust approach to gain visibility.  

Zero trust requires authentication and authorisation action steps every time access is granted to a specific resource on all transactions. In Europe, 55% of financial organisations use some form of zero-trust strategy for their authorisation and authentication. 

Adopting zero trust shifts the traditional paradigm from implicit trust for users and resources inside a static, network-based perimeter to an authentication model focused on users, assets, and resources.

Risk management recommendations

Speed matters for BFSIs, and while digital acceleration is a universal goal, moving too fast is risky if processes are rushed. A step-by-step approach is recommended, and training or upskilling employees to use new technologies is an essential starting point.

Sharing data with industry peers to learn best practices and identify potential issues is a good follow-up. A great example of this in practice is the partnership between the Suspicious Transaction Reporting Office (part of the Singapore police force) and MAS to track suspicious transactions and cash movements to fight money laundering.

Cybersecurity is a team sport

To sum up, implementing cybersecurity measures that are in line with local regulations allows BFSIs to better protect their data and transactions and deliver peace of mind to all stakeholders.

Coordination and teamwork are also recommended, with BFSIs joining vendors and partners in an open, integrated way to produce results that are greater than the sum of their parts. From experience, sharing risk and threat intelligence is a more effective way to detect abnormality in money transactions.

Finally, BFSIs must have solid digital building blocks in place. Platforms to highlight transaction visibility with data, analytics, cloud platforms, and cybersecurity strategies and networks provide rock-solid defensive lines that Singaporeans can continue to trust and be reassured by.