Workforce revolution: Bridging Singapore's cyber skills gap

The fast pace of innovation is a double-edged sword for businesses. As more businesses integrate cloud technology into their operations, some are struggling to keep up with the rapid pace of innovation and the security measures needed to safeguard their use of the latest technologies.

As the technology and sophistication of online attacks evolve, governments and businesses must be more cyber-resilient and prepared in terms of people and processes by putting priority on bridging the cyber skills gap to protect networks and data from emerging threats. With GenAI fuelling more sophisticated attacks, it’s important to note the particularly challenging nature of cyber security work today, which means we should support these teams to be well equipped, up to date with the latest in cyber, and resilient.

Mitigating threats also requires upskilling cybersecurity professionals to ensure they possess the latest capabilities needed to prevent, identify and respond to threats effectively. This process should be accompanied by a commitment to continuous evolution. Together, these qualities drive productivity and provide employees with peace of mind, knowing their work is safe and secured.

But to keep this mentality going, both governments and businesses must step up to support upskilling of Singapore’s cybersecurity workforce.

How is the government supporting upskilling initiatives?

According to Senior Minister of State for Digital Development and Information, Janil Puthucheary, creating a robust talent pipeline for the cybersecurity industry will provide businesses with the strong cyber defence wall it demands. This will help all businesses to be prepared with their first line of defence - their people. To do this, the government has announced the implementation of the CSA Cybersecurity Talent, Innovation and Growth Plan. The new plan will see S$50 million invested in greater professionalisation of the cyber-security workforce to keep up with the rapid pace of technology.

As cybersecurity skills become increasingly valuable across various industries, the importance of reskilling non-cybersecurity professionals has also risen. In light of this, the CSA has launched the SG Cyber Associates programme, offering foundational and targeted cybersecurity training tailored for those outside the field, enabling them to develop relevant skills.

The government’s proactive stance will not only benefit pre-existing businesses by upskilling Singapore’s current workforce, but also attract interest from those looking to the city-state for opportunity, and potentially create more jobs for the local economy. According to the Boston Consulting Group, a plan to help Singapore establish itself in the digital economy market is expected to bring in approximately S$1.3 trillion by 2030.

How can businesses bridge the cyber skills gap?

The consequences of not investing in those who underpin our cybersecurity industry can be far-reaching. Neglect can lead to disruptions to productivity and attentiveness, resulting in subsequent financial or reputational damage. Disregarding opportunities to acknowledge or even upskill employees in cyber security risks leaving them stranded in the ever-evolving cyber ecosystem and exposing a business or organisation to potential attacks.

Taking the first step to acknowledge the vital role that cyber security personnel play can boost the morale of your team and motivate them to identify potential areas of cyber weakness. In the long run, investing in both new talent and upskilling of current cyber security teams and the wider workforce is what will bear greater fruit for businesses. Businesses should also recognise the importance of developing a strategic approach on cyber skills and talent, including processes and policies that will help build sustainable cyber talent pipelines within organisations.

For instance, while adopting AI tools can help organisations enhance their efficiencies and gain a competitive edge, having a comprehensive guideline on the proper use of AI is critical to ensure that employees are not using it in ways that put their organisations at risk. According to a recent Veritas research, more than 80% of employees in Singapore want guidelines, policies, or training from their employers on using Gen AI within their organisations. The top reasons cited were: employees need to know how to use the tools in an appropriate way (70%), to mitigate risks (51%) and to create a level playing field in the workplace (30%).

Success in today’s cybersecurity landscape requires a culture of consistent learning. Upskilling will refresh your team’s newly equipped skills with the most up-to-date cyber practices, setting improved standards for your business’ cyber hygiene. Cybercriminals innovate to stay ahead, so cyber resiliency teams should do likewise — each test or rehearsal yields helpful learnings, like security vulnerabilities or failed backups. Teams may discover sensitive data or unnecessary access rights, preventing rapid recovery. They may also improve critical thinking, mitigation strategies, or cross-functional communications, essential for speed during high-stress recovery. It is also important to run comprehensive tabletop exercises to validate the effectiveness of recovery operations across teams, technologies and processes.

Preparing for an adaptable and resilient tomorrow

As technology continues to evolve and the cyber skills gap inevitably widens, upskilling has become essential for strengthening the cybersecurity landscape. Both governments and businesses must prioritise workforce development to build a resilient cyber infrastructure and ecosystem. Leaders can take the lead by fostering a culture of learning and providing opportunities across every individual and team.

Given the adverse impact related to security incidents, it is crucial for organisations to ensure all their employees, regardless of their industry or role, are equipped with fundamental cybersecurity knowledge and awareness, enabling them to better assess and respond to potential attacks.

From offering reskilling programmes for non-technical job seekers interested in a career change to introducing upskilling initiatives for current security professionals, we can work together across different sectors to develop creative strategies to grow the cybersecurity talent pool of the future.

Organisations can orchestrate their programme into a "team of teams" model - one where the core team networks itself with other parties inside and outside of the enterprise to increase capacity to secure the business. Making moves like this bring substantive impact, enabling the business to grow faster and with more confidence.