Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New licensing requirements for cyber-security service providers in 2022

New licensing requirements for cyber-security service providers in 2022
There is a new licensing requirement for cyber-security providers in Singapore

To roll out this 2022: New licensing requirements for cyber-security service providers in 2022

SINGAPORE – With an aim to give greater assurance for the safety of customers and raise the quality of providers, according to Cyber Security Agency of Singapore (CSA), Cyber-security service providers will need to be licensed in 2022. 

Companies or individuals as providers, under the new framework, will be licensed and is expected to kick in early next year. Public consultation on the licensing conditions and legislation has been launched by the Cyber Security Agency of Singapore (CSA).

To apply for such licenses, these service providers will now be given six (6) months from the effectivity of the framework. “Penetration Testing”, which checks if an organization can respond and identify simulated cyber-security attacks, will be one of the services to be licensed. Other services that entails monitoring activities in computer systems to identify threats are also licensable.  

Also Read: What You Need to Know About Singapore’s Data Sharing Arrangements

Fines for operating without a license

$50,000 will be fined to providers if their services are conducted without a license, and if convicted, may serve a prison sentence up to two (2) years, or both. Such licenses may also be suspended or revoked.

With each failure to comply with a licensing condition, $10,000 can be fined by the Cyber Security Agency (CSA) to errant individuals or companies, and this shall not exceed $50,000. 

There will be a fine to be imposed if the licensing requirement was not followed

Licensing Conditions to follow

Companies and individual (such as freelancers or a sole proprietorship) service providers are required to have key officers that are “fit and proper”. This is important especially when choosing a Data Protection Officer (DPO) for the cybersecurity hygiene of the organization and its data protection efforts. There is a need that they have a clean record, meaning no criminal convictions or judgement are in their names in a civil proceedings involving dishonesty, morally depraved or wicked behavior, or fraud. 

At least 30 days before the appointment of a new key officer, there is a need for these Companies or individuals to inform the Cyber Security Agency. Also, to help it investigate any potential breaches of the license, it is prerogative for them to provide information as needed. 

Furthermore, for at least three (3) years, Companies or individuals are required to keep basic records of the services provided. These include details of the work done and client names. It is also mandatory for them to keep every client’s information confidential.

Singapore as the first!

It is believed that Singapore is one of the first countries in the world to introduce licensing for cyber-security service providers.

With the report of the Cyber Security Agency that cyber threats in Singapore have risen, the consultation on the licensing conditions came after. For instance, during the Covid-19 pandemic, cyber-attacks have tripled in number with “zombie” devices linked to the Internet.

Also called as botnet drones, 6,600 malware-laced devices on average on a daily basis have been observed in 2020. This is a big jump from 2019’s 2,300.

Aims of the Framework

According to the Cyber Security Agency, the demand for credible cyber-security services will continue to grow as cyber-security risks become more widespread. There is a need that the service providers need to be fit and proper as some services can be intrusive and sensitive. For if the clients’ networks and systems are abused by the service providers’ access, it can lead to disruption to customer’s operations and it can compromise it. 

Furthermore, one of the aims of licensing is to improve standards. As noted by the Cyber Security Agency, “risks of services being carried out by incompetent or substandard providers are multifold”. As some information is sensitive and confidential, the bar for standards must be set up high so that such information will not become vulnerable to attack or lose it. 

“It is envisaged that licensing could serve as the means through which the quality of (service providers) could be raised over time in future, such as through the introduction of a code of ethics or certain baseline competency requirements.”

Cyber Security Agency
The license can last up to two (2) years, new or renewed. 

Choosing the Right Service Provider, a Credible and Licensed One!

Moreover, licensing service providers could also address and lessen the information gap that exists between customers and service providers by helping such customers identify providers that are credible. 

With the requirement of a license for service providers this early 2022, it is better to advise that you choose your cybersecurity vendor wisely. Make sure that they are licensed as required by the framework, and that such providers have complied with all the requirements for providing services. This is to ensure that your information is secure, and you’ll have the peace of mind in the operations of your business as a customer. 

License Applications and Fees

It is estimated by the Cyber Security Agency that more than 150 license applications will be submitted. This license can last up to two (2) years, new or renewed. 

The usual fee for individual service providers for a license is $500 and $1000 for business entities. However, 50% of these rates have been waived due to the pandemic but this is only for the first 12 months from the start of the licensing framework. The industry consultation is still ongoing and will end on October 18, 2021 by 5pm. The details can be found at CSA’s website.

Also Read: Compliance With Singapore Privacy Obligations; Made Easier!



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us