Four actions Singapore boards should take on third-party cyber risk

Singapore boards are being urged to take a more direct role in managing third-party cyber risk, amid warnings that mature risk management programs have not prevented repeated supply chain-related incidents.

The call follows a recent advisory from the Cyber Security Agency of Singapore (CSA) on securing software development environments, which highlighted the need for strict controls over development systems as organisations increase their reliance on third-party software and tools.

In a commentary distributed by PR firm Bench PR on behalf of cyber defence platform BlueVoyant, the company’s Singapore country head, Easan Sathiyalingam, argued that cyber risk should be treated as a board-level governance issue rather than an isolated IT concern.

BlueVoyant cited research claiming 93% of Singapore organisations reported negative impacts from a supply chain-related cyber breach, up from 70% in the previous year. The same research said more than half of organisations had experienced multiple third-party incidents, despite Singapore “leading globally” in third-party risk management maturity.

According to the article, growth in vendor ecosystems is adding complexity. It cited a figure that 67% of Singapore organisations expect their third-party networks to grow by 6–15%, increasing the challenge of maintaining visibility into supplier practices and security controls.

The article also pointed to ongoing regulatory and governance expectations for boards in Singapore to “own” cyber risk, referencing reporting about Monetary Authority of Singapore (MAS) engagement with bank CEOs on cyber and AI threats.

It outlined four actions boards and senior leadership should take to strengthen third-party cyber resilience: clearer accountability in supplier and customer relationships, stronger oversight and monitoring of third-party risk, incident response plans that include suppliers, and transparent communication during incidents to reduce reputational fallout.

The article argued that supplier security should move beyond a compliance “checkbox” approach, and that resilience depends on governance, continuous monitoring and clear contractual expectations across supply chain relationships.
