The country’s cybersecurity industry has come a long way. First developed as a regional sales hub for global cybersecurity players, the industry now sees Singapore-based firms providing risk management and more complex capabilities in cybersecurity operations through professional and managed services. According to the EY-Parthenon study, the latter two account for 30%–45% of total cybersecurity spending in Singapore. This is driven by the massive volume and value of data generated by businesses, increased frequency and severity of cyber breaches, stricter regulations, and rising costs for insourcing cybersecurity operations.
This market growth is driving a surge in demand for cybersecurity talent too and an undersupply currently exists. The industry is already a significant employer: Singapore’s cybersecurity workforce jumped from about 4,000 professionals in 2016 to about 12,000 in 2022. However, the country will require about 2,800 to 4,400 new cybersecurity professionals over the next four years, particularly in roles relating to vulnerability assessment and penetration testing, threat analysis and security architecting.
The nation’s cybersecurity industry must address four key areas to seize growth opportunities as well as remain agile, competitive and sustainable in the long term.
Broaden the spectrum of innovation
The BFSI and public sectors have traditionally been the focus for cybersecurity solution providers. Beyond that, there is a significant upside in extending innovation to address pain points across a wider range of industries, particularly in other leading sectors, such as maritime, advanced manufacturing and life sciences. Innovation should also leverage emerging technologies — such as the Internet of Things, blockchain, artificial intelligence and quantum computing — where the country is at the forefront of R&D.
Driving collaboration among solution providers in the ecosystem — including large cybersecurity or industry-focused MNCs, smaller fast-growing startups and the supporting infrastructure of incubators, accelerators, investors and government bodies — will create the scale and agility needed to develop new solutions to pain points. To this end, the abovementioned Cyber TIG Plan, which seeks to support innovation efforts and companies with the potential to develop solutions and internationalize them in partnership with other government agencies and the industry, will be instrumental.
The Cyber TIG Plan will play a key role in driving collaboration among solution providers in the ecosystem to help create the required scale and agility for developing new solutions.
Adopt a “dual engine” growth strategy
While Singapore has thrived on providing high-quality cybersecurity services, the ability to expand these services regionally and internationally may be limited. Services are, by nature, more difficult to scale out due to the need for in-country manpower as well as difficulties arising from differences in time zones, languages and cultures.
In contrast, more dividends can be expected from cybersecurity products through the utilization of distribution partners overseas. Additionally, cybersecurity product development is key to creating tailored solutions that address Singapore’s national cybersecurity needs. A “dual engine” growth strategy that focuses on cybersecurity product development while continuing to enhance service quality is therefore critical to future growth.
Extend ambitions globally
While many local cybersecurity providers have taken a stepwise regional approach toward growth, the industry could consider a more aggressive approach in its global ambitions. Cybersecurity product providers, software players and local B2B unicorns that have seen international success first grew by winning early in a large, scalable overseas market.
To help realize this, local cybersecurity providers should consider establishing a foreign presence early and forming technology partnerships that can increase exposure to end users. Another key consideration is to appoint senior advisors with connections to local end users and capital providers as well as experience in the target market.
Enhance the talent pipeline
Singapore’s cybersecurity talent gap is expected to persist in the immediate term, and it is imperative to continue expansion of the existing cybersecurity workforce and the diversity of skill sets. The future of cybersecurity increasingly lies in the hands of product developers to build products that are secure by design.
Therefore, cybersecurity must be infused into adjacent industries, including augmentation of the information and communications technology (ICT) workforce with cybersecurity skills beyond cyber hygiene. Additionally, non-ICT professionals, such as engineers and auditors, could also benefit from enhancing their existing skill sets with cybersecurity knowledge.
Importantly, cybersecurity must be professionalized as a career. Greater clarity is needed for professionals who want to upskill and re-skill, and career progression must be strengthened within the industry to boost the quality and recognition of cybersecurity professionals.
With its capabilities in emerging technologies, unique geopolitical neutrality and skilled workforce, Singapore has the potential to become a world-class cybersecurity hub. Turning this vision into reality will require a proactive effort in addressing these four imperatives with the Cyber TIG Plan as well as strong support and participation across the public and private sectors.
This article includes contributions from Samir Bedi, EY Asean Workforce Advisory Leader and Singapore Government & Public Sector Leader, Ernst & Young Advisory Pte. Ltd.; Callista Ng, Partner, People Advisory Services, Ernst & Young Solutions LLP; Steve Lam, EY Asean Cybersecurity Leader; and Nick Lam, EY-Parthenon Director, EY Corporate Advisors Pte. Ltd.
Our related articles
Summary
Singapore’s cybersecurity industry must address four imperatives to remain agile, competitive and sustainable in the long term. These include innovating to address pain points across a wider range of industries and adopting a “dual engine” growth strategy that prioritizes both cybersecurity product development and continued improvements in service quality. Establishing a foreign presence early in a large, scalable overseas market and enhancing the industry's talent pipeline are other key actions.
