Back

What is Cyber Security? 2026 Guide

In 2025, Singapore recorded 41,974 cybercrime cases with losses of S$913 million. Here's what cyber security means, the attacks targeting Singaporeans today, and exactly what you can do to stay protected.
StarHub Editorial, 06 March 2026

How This Guide Helps You

🛡️

Clear Definitions

Understand exactly what is cyber security and identify the various types of cyber security protecting your home.

⚠️

Threat Analysis

Learn about common types of cybersecurity attacks—from phishing to malware—and how they work.

Protection Tips

Adopt cybersecurity best practices that provide 24/7 peace of mind for your digital lifestyle.

What is Cyber Security?

At its core, a cyber security definition is the practice of protecting your devices, networks, and personal information from digital attacks or unauthorised access. It covers everything connected to the internet - from your smartphone and home Wi-Fi to your banking apps and online accounts.

Think of it like physical security for your "Digital Home." Just as you lock your front door and keep your keys safe, cyber security involves layering defenses so you can enjoy high-speed browsing and streaming without the constant threat of data exposure.

🔒 Core Goal: Confidentiality, Integrity, and Availability

Understanding why is cyber security important has never been more critical. To address this, the Cyber Security Agency of Singapore (CSA) defines protection around the CIA triad:

C Confidentiality Only you and people you authorise can access your data.
I Integrity Your data hasn’t been tampered with or altered without your knowledge.
A Availability Your systems and accounts are accessible when you actually need them.
 

Why is Cyber Security Important?


Because the cost of ignoring it is real, immediate and personal.
In 2026, cyber security isn't a concern reserved for big corporations or government agencies.
It touches every Singaporean with a phone, a bank account, or a Wi-Fi router at home.

 

🪪

Your Data is a High-Value Asset

NRIC details, health records, and login credentials have high street value on dark web marketplaces. In 2026, these are frequently used to drain bank accounts or orchestrate sophisticated identity theft campaigns.

💸

The Escalating Cost of Breaches

Beyond direct theft, breaches trigger PDPA fines and legal fees. Following 2025 trends, the average cost of a breach remains at record highs, making prevention a critical financial priority.

🏠

Securing the Remote Frontier

Home routers and personal devices are the new frontline. Securing your "work-from-home" infrastructure is no longer optional—it's a daily necessity to protect corporate and personal data silos.

⚖️

2026 Compliance Standards

The amended Cybersecurity Act and PDPA mandates require significant breaches to be reported within three business days. Staying compliant ensures your data remains protected by law.

What the 2025 numbers actually tell us


Singapore's anti-scam efforts produced real results last year. The SPF Annual Scam and Cybercrime Brief 2025 confirmed the first-ever recorded decline in cases. But look at the median loss figure carefully:

 

Metric 2025 2024
Total scam and cybercrime cases 41,974 55,810
Total financial losses S$913.1 million S$1.1 billion
Median loss per case S$1,644 S$1,389
Victims aged below 65 85.2% of cases
Cases involving self-effected transfers 81.8%
Cryptocurrency losses as share of total ~20%

The median loss per victim went up, even as total cases fell. Attacks are becoming more targeted and effective. And that 81.8% figure — victims who transferred money themselves after being manipulated — is the most important number on the table. Most successful attacks in Singapore don't involve sophisticated hacking. They involve a convincing story and someone who had no reason to suspect otherwise.

Types of Cyber Security Attacks in Singapore


These are the attack types most commonly targeting Singaporeans right now, with local data and real examples.

🎣
Phishing
Most Common

Attackers impersonate legitimate organisations — your bank, SingPass, IRAS, a courier — to trick you into clicking a malicious link, entering login credentials, or authorising a payment. Per the CSA Cyber Landscape 2024/2025, phishing cases surged 49% in 2024. Banking, government agencies and e-commerce are the most spoofed.

The newer and more alarming development: 12% of phishing emails now contain AI-generated content — better grammar, convincing tone, personalised details. These are significantly harder to spot than the "Dear Customer" scams of the past.

How to spot it: Check the actual sender email address, not just the display name. Banks, SingPass, CPF and government agencies will never ask for your OTP, password or PIN via SMS or email.
📞
Social Engineering and Phone Scams
Highest Losses

Attackers impersonate police officers, CPF staff, ICA officials or bank representatives to create fear or urgency that pressures victims into transferring money. Government official impersonation scams surged 123.6% in 2025 per the SPF Annual Brief, with elderly victims losing an average of S$37,000 each.

Some attacks now use deepfake video calls to impersonate executives or officials, making them even harder to dismiss as obvious scams.

The rule that will protect you: No Singapore government agency will ever ask you to transfer money, purchase gold bars or cryptocurrency, or provide your SingPass credentials over the phone. If someone is asking this, hang up immediately and call the agency directly using a number from their official website.
🦠
Malware
Growing Threat

Any software designed to infiltrate, damage or gain unauthorised access to your device — viruses, trojans, spyware, keyloggers and more. Fake banking portals delivered 70% of mobile malware during Singapore's 2024 scam wave, almost always through apps downloaded outside official stores.

Notable ransomware groups actively targeting Singapore include Black Basta, LockBit 3.0 and RansomHub, per SOCRadar's Singapore Threat Landscape Report 2025. These groups rent attack tools to affiliates, dramatically lowering the barrier to launch sophisticated campaigns.

Protect yourself: Only download apps from the official App Store or Google Play. Never install apps from links sent via SMS or messaging apps, even from people you know.
💰
Ransomware
High Impact

Ransomware encrypts your files and demands payment — usually in cryptocurrency — to restore access. Ransomware attacks in Singapore increased 21% in 2024. Manufacturing (31.58%), wholesale trade (12.87%) and real estate (11.11%) are the most targeted sectors. Most infections involved old, known malware strains attacking devices that hadn't been updated — meaning they were entirely preventable.

Critical caveat: Paying the ransom does not guarantee recovery. Prevention through software updates and recovery through regular backups are your only reliable defences.
🗄️
Data Breaches
Affects Everyone

A data breach occurs when attackers gain unauthorised access to stored personal data — through hacking, exploiting a third-party supplier, or social engineering. In April 2025, a vendor attack compromised approximately 8,200 DBS clients and 3,000 Bank of China customers. Neither bank was hacked directly. Their supplier was. Even when you're careful, your data can be exposed through a company you trust.

After a breach: Change your password on the affected service immediately and enable 2FA. Check whether your email has appeared in any breach at haveibeenpwned.com.
📧
Business Email Compromise (BEC)
Top 5 by Losses

Attackers impersonate company executives, vendors or business partners via email to trick employees into making fraudulent payments. In 2025, BEC ranked as one of Singapore's top five scam types by total financial loss. Attacks use email addresses almost identical to legitimate ones — a single character substitution that's easy to miss.

Watch for: Urgent payment requests, changes to supplier bank account details, and emails asking you to keep transactions confidential. Always verify by calling the person directly before acting.

8 Cyber Security Best Practices for Singaporeans

Ranked by impact

 

01

Enable Two-Factor Authentication (2FA)

2FA adds a critical verification step. Even if your password is stolen, 2FA stops unauthorized access. Prioritize enabling this on your email, banking apps, Singpass, and social media.

02

Use a Password Manager

Stop reusing passwords. A manager like Bitwarden or 1Password generates unique, complex keys for every account so you only have to remember one master password.

03

Never Click Links in Unexpected Messages

If a bank or agency sends an urgent alert, don't click the link. Navigate directly to their official website via your browser. This simple habit neutralizes almost all phishing attempts.

04

Download the ScamShield App

Protect yourself with the official ScamShield App. It filters suspected scam calls and SMS messages in real-time, protecting over 1.5 million users in Singapore.

05

Keep Software & Routers Updated

Enable automatic updates on all devices. Check your Wi-Fi router’s firmware annually to patch critical vulnerabilities that hackers use to gain home network access.

06

Secure Your Home Network

Change default router admin credentials immediately. Switch to WPA3 encryption if available, and consider replacing hardware that is more than five years old.

07

Back Up Using the 3-2-1 Rule

Maintain 3 copies of your data, on 2 different types of storage (e.g., hard drive and cloud), with 1 copy stored offsite to ensure recovery after a ransomware attack.

08

Audit App Permissions Regularly

Review which apps access your location, microphone, or contacts. If an app's requests seem excessive for its function, revoke access or delete it to protect your privacy.

Beyond individual action, Singapore provides a comprehensive legal and regulatory framework to protect your digital footprint. Understanding your rights under these regulations is the next step in complete digital safety.

Singapore's Cyber Security Regulatory Framework


Singapore has one of the most comprehensive cyber security regulatory environments in Asia. Here's who governs what, and what it means for you.
 

Body / Law What it does
Cyber Security Agency (CSA) National authority. Publishes the Singapore Cyber Landscape report. Operates SingCERT for incident response and security advisories.
Cybersecurity Act 2018 (amended 2024) Governs protection of Critical Information Infrastructure across 11 sectors. 2024 amendments extended coverage to cloud and AI systems.
Personal Data Protection Act (PDPA) Requires organisations to protect your data and report significant breaches within 3 business days. Gives you the right to access and correct your personal data.
Computer Misuse Act (CMA) Criminalises hacking, unauthorised access and related offences. Primary legislation used to prosecute cybercriminals in Singapore.
Online Criminal Harms Act (OCHA) Requires online platforms to proactively detect and remove criminal content. Contributed to a 36.5% decline in platform-based scams in 2025.
Protection from Scams Act Implemented July 2025. Allows police to issue Restriction Orders to banks to block transactions for at-risk individuals.

How to Report Cybercrime in Singapore


If you've been targeted, speed matters. The Anti-Scam Command (ASCom) recovered S$140.5 million in losses in 2025 and helped avert a further S$348 million through early intervention. Reporting quickly genuinely improves your chances of recovering funds.
 

Situation Contact Point
You've been scammed SPF e-Services Portal or call 999 for emergencies
Not sure if it's a scam ScamShield Helpline: 1799
Anti-scam advice Anti-Scam Centre: 1800-722-6688 (24/7, toll-free)
Cyber incident (not fraud) SingCERT
Data breach by an organisation PDPC
Bank account compromised Your bank's fraud hotline — call immediately and request a transaction hold

Frequently Asked Questions

 

Q How can I tell if a message from a "bank" or "government agency" is a scam?

In Singapore, banks and government agencies will never send you clickable links via SMS. Look for common "red flags": high pressure or urgency (e.g., "account will be suspended in 2 hours"), requests for your SingPass password or OTP, and unusual sender IDs. When in doubt, ignore the message and call the organization's official hotline directly.

Q Is it safe to use free public Wi-Fi for banking or shopping?

Generally, no. Public Wi-Fi networks in malls or cafes are often unencrypted, meaning a hacker on the same network could potentially intercept your data. If you must access sensitive accounts, use a Virtual Private Network (VPN) to encrypt your connection, or simply switch to your mobile data (4G/5G), which is significantly more secure.

Q Why is my SingPass OTP so important, and can I share it?

Your SingPass OTP (One-Time Password) is the final key to your digital identity. Sharing it is like handing over the keys to your house; it allows someone to access your CPF, IRAS, and health records. No legitimate official—including police officers or bank staff—will ever ask you for your SingPass OTP or password over the phone or via text.

Q What should I do if I’ve already clicked a suspicious link?

Immediately disconnect your device from the internet (turn off Wi-Fi and mobile data). Use a different, clean device to change your passwords for critical accounts like email and banking. Contact your bank to place a temporary hold on your accounts and report the incident to the Singapore Police Force via their e-Services portal.

Q Does the ScamShield app really work?

Yes. Developed by the National Crime Prevention Council and GovTech, ScamShield uses an AI-powered database to block known scam numbers and filter out phishing SMS. As of late 2025, it has helped block millions of scam attempts in Singapore. It is a "set and forget" tool that significantly lowers your risk of being targeted.

Stay Protected Against Evolving Cyber Threats

Good habits are the first line of defence, but the right tools provide 24/7 peace of mind. Explore StarHub’s suite of security services designed to protect your identity, your devices, and your finances.

ScamSafe

24/7 call and SMS filtering to block scam contacts. Available to everyone with a 6-month free trial.

CyberProtect

Real-time protection against malware, phishing, and unauthorised access across all your devices.

CyberCover

Financial protection covering losses from online fraud and identity theft in the event of an attack.

SafeHub+

An all-in-one subscription bundling these essential protections for the whole household.

Disclaimer:

This content is provided for general information and convenience. While we take care in preparing our articles, readers should refer to official sources or professional advice for specific, up-to-date details.