Singapore: Cyber Security Agency publishes Singapore Cyber Landscape 2024/25 report

25 Sept 2025    3 minute read

In brief

On 3 September 2025, the Cyber Security Agency (CSA) released its Singapore Cyber Landscape 2024/2025 report ("Report"), highlighting the evolving cyber threat environment and the nation's collective efforts to safeguard its digital ecosystem. The Report noted that 2024 was marked by a surge in global and local cyber incidents, with Singapore experiencing significant increases across multiple threat categories.

Contents

An intensifying cyber threat landscape

State-sponsored groups and cybercriminals launched increasingly sophisticated campaigns, while large-scale disruptions such as subsea cable cuts underscored the fragility of global connectivity. Key developments included the following:

  • Ransomware: Singapore recorded 159 ransomware cases in 2024, a 21% increase from 2023. Manufacturing, professional services and ICT were the most affected sectors.
  • Phishing: Phishing attacks surged by 49%, with 6,100 cases reported in 2024 (up from 4,100 in 2023) and banking and financial services remaining the most spoofed industry (56% of all cases). Local banks were heavily spoofed, alongside government agencies like the Inland Revenue Authority of Singapore and Ministry of Finance.
  • Infected infrastructure: The number of infected infrastructure increased by 67%, with approximately 117,300 systems compromised (up from 70,200 in 2023), primarily due to increased botnet drone activity.
  • Distributed denial-of-service (DDoS) attacks: Global DDoS activity spiked by 53% in 2024. Singapore was ranked the seventh most attacked country in Q4, reflecting its role as a major digital hub with dense data center infrastructure.
  • Emerging risks: Threat actors experimented with AI-powered malware and deepfake-enabled cams, while vulnerabilities in IoT devices and supply chains widened the attack surface.

Sophisticated attack methods

Threat actors increasingly undertake sophisticated attack methods to target critical infrastructure:

  • 69% of phishing websites were served via the HTTPS protocol to appear more legitimate.
  • 12% of reported phishing emails contained AI-generated content, which suggests continued nascent adversarial exploitation of AI to facilitate phishing.
  • State-sponsored groups launched increasingly sophisticated campaigns targeting critical infrastructure.
  • Threat actors experimented with AI-powered malware and deepfake-enabled scams.

Supply chain and infrastructure vulnerabilities

2024 also saw increased vulnerabilities in supply chains and infrastructure across the globe:

  • Large-scale disruptions such as submarine cable cuts underscored the fragility of global connectivity.
  • The CrowdStrike outage in July 2024 demonstrated how software updates can trigger cascading failures across critical systems.
  • Vulnerabilities in IoT devices and supply chains created a widened attack surface for cybercriminals.

Growing cybercrime and scams

Cybercrime cases in Singapore rose by 10.8% in 2024, with over 55,800 incidents reported. Scams leveraging messaging apps, social media and spoofed government portals remain a persistent challenge, with criminals increasingly using AI to enhance their deception techniques.

Strengthening defenses

The Report reiterates that cybersecurity remains a shared responsibility. The CSA expanded initiatives such as Cyber Essentials and TrustMark certifications for small and medium enterprises, international partnerships against ransomware, and capacity-building for students, seniors and professionals.

Singapore's position as a trusted global digital hub depends on continued vigilance, resilience and collaboration across government, industry and the public to safeguard against this evolving cyber threat landscape.

Key takeaways

As digital adoption accelerates, the risks posed by AI, IoT and geopolitical cyber activity will continue to grow. The Report stresses the need for vigilance, resilience and collaboration across government, industry and the public to safeguard Singapore's position as a trusted global digital hub.

Organizations should prioritize the following:

  • Regular security assessments and vulnerability management to address the months-old or years-old vulnerabilities that are still being exploited
  • Employee training and awareness programs to combat increasingly sophisticated phishing and social engineering attacks
  • Incident response planning and business continuity measures to minimize the impact of ransomware and other disruptive attacks
  • Supply chain security measures, including vendor risk assessments and third-party security requirements
  • Implementation of multi-factor authentication and zero-trust security frameworks

If you require assistance with navigating any cyber-related challenges, including understanding cybersecurity regulations, being prepared for incident response, enhancing cross-border data governance, and identifying risk management strategies, please feel free to reach out to your Baker McKenzie contact.

* * * * *

LOGO_Wong&Leow_Singapore

© 2025 Baker & McKenzie. Wong & Leow. All rights reserved. Baker & McKenzie. Wong & Leow is incorporated with limited liability and is a member firm of Baker & McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a "principal" means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm. This may qualify as "Attorney Advertising" requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.

Contact Information
Andy Leck
Principal
Singapore
Read my Bio
andy.leck@bakermckenzie.com
Ren Jun Lim
Principal
Singapore
Read my Bio
ren.jun.lim@bakermckenzie.com
Ken Chia
Principal
Singapore
Read my Bio
ken.chia@bakermckenzie.com
Sanil Khatri
Local Principal
Singapore
Read my Bio
sanil.khatri@bakermckenzie.com
Daryl Seetoh
Local Principal
Singapore
Read my Bio
daryl.seetoh@bakermckenzie.com
Natalie Joy Huang
Local Principal
Singapore
Read my Bio
natalie.huang@bakermckenzie.com

Copyright © 2025 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.