CSA to Launch Scheme to Develop Cybersecurity Health Plans With Funding Support For Small-Medium Enterprises

Published on 28 Feb 2023

The Cyber Security Agency of Singapore (CSA) will be launching a scheme to develop cybersecurity health plans with funding support for small-medium enterprises (SMEs). The scheme will see cybersecurity consultants take on the role of the SMEs’ “Chief Information Security Officers” (CISO), akin to providing a CISO-as-a-Service (CISOaaS) to SMEs facing manpower constraints in hiring cybersecurity personnel.

2   CSA aims to encourage SMEs to improve their cyber defences by going for cyber health “checkups” and to develop cybersecurity health plans, while working towards national cybersecurity certification such as attaining CSA’s Cyber Essentials mark. The scheme was announced by Mr Tan Kiat How, Senior Minister of State for the Ministry of Communications and Information (MCI) & Ministry of National Development, at MCI’s Committee of Supply Debate today.

3   The scheme seeks to alleviate some common challenges SMEs face in implementing cybersecurity measures, such as:

  1. Lack of in-house cybersecurity staff to address cybersecurity risks
  2. A wide range of cybersecurity solutions and providers in the market, making it challenging for SMEs to prioritise what to implement first
  3. Rising business costs

4   CSA will provide funding support to SMEs by co-funding up to 70% of their costs for engaging cybersecurity consultancy services for the first year. The scope of services will be pre-defined, with an emphasis on baseline requirements to attain the Cyber Essentials mark, which in turn provides SMEs’ partners and clients with greater assurance as they digitalise. The scope of services includes helping SMEs to secure digital assets, protect systems against viruses and malware, improve employees’ cybersecurity awareness and respond to cybersecurity incidents.

5   CSA will help SMEs mitigate the uncertainty of hiring vendors by having a list of onboarded cybersecurity consultants. Onboarded consultants are evaluated by CSA on their capacity and capability, as well as cost-effectiveness. SMEs will also be able to compare offerings from different consultants and decide which one best addresses their needs and concerns. The appointed consultant will then analyse the SME’s cybersecurity posture and tailor a cybersecurity plan for the company.

6   The scheme is expected to launch in May 2023. More details on the eligibility criteria and application process will be made available progressively on CSA’s website.

7   Esther Moey, Director, Princeps Law Corporation, said, “The process of attaining the Cyber Essentials mark has been a valuable one. With many of us working from home, we learned about the importance of securing our home network, so we hired a consultant to implement the necessary safeguards. We have also strengthened our processes, such as having dedicated work computers that we do not use for non-work purposes. Given that everyone is digitally connected to one another now, I am very encouraged that the government is incentivising SMEs to improve their cybersecurity. Attaining the Cyber Essentials mark has made my company’s data more secure and my clients feel more assured as well.”


About the Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg



Report a Cybersecurity Incident

SingCERT encourages the reporting of cybersecurity incidents as it enables us to better understand the scope and nature of cyber incidents in Singapore. This will enable us to issue alerts or advisories on relevant threats, and assist a broader range of individuals and organisations.
Report Incident