SINGAPORE, May 5, 2023 -- (ISC)² – the world's largest nonprofit association of certified cybersecurity professionals, and the Royal United Services Institute (RUSI), the world's oldest independent think tank on international defense and security, today released a new research report titled "Global Approaches to Cyber Policy, Legislation and Regulation."
Findings from the report underscore the growing necessity for greater standardization and collaboration to ensure stronger and more resilient frameworks that support shared learning and best practices, amidst rapidly evolving cybersecurity policies and regulations around the world.
The report reviews cybersecurity legislation and regulation within Canada, the European Union, Japan, Singapore, the United Kingdom and the United States, identifying various challenges shaping cyber policy. These issues include the shortage of skilled cybersecurity professionals, the complexities of the critical national infrastructure (CNI) and international cooperation on norm development for cyberspace.
By bringing together insights from different jurisdictions and stakeholders, the report shows the importance of cooperation between private and public stakeholders and that policy makers increasingly seek harmonization of cyber policy.
This is particularly critical for Singapore as its digital economy and the corresponding cyber ecosystem continues to expand rapidly. While the country is recognized for its advanced cybersecurity regulation and policies, Singapore has experienced a high number of cyberattacks in recent years.
For example, the country saw an influx of SMS-phishing scams targeted at bank customers in 2022. The Cyber Security Agency of Singapore (CSA) saw a 54% year-on-year increase in the number of ransomware cases being reported to them in 2021.
"While the report identifies a number of trends in the cyber policy landscape, the increasing reliance on binding cybersecurity obligations for the critical national infrastructure sectors and beyond stand out, but the obligations different jurisdictions impose to increase cyber resilience vary," said Pia Hüsch, Research Analyst for Cyber, Technology and National Security at RUSI.
"The report therefore draws crucial attention to the need to better understand which policies are effective in increasing cyber resilience and how they impact businesses and the cyber workforce implementing them."
"Policymakers must take a proactive, rather than reactive, approach toward cybersecurity policy and collaborate across borders, industries and sectors to establish common standards, protocols and best practices," said Clar Rosso, CEO of (ISC)².
"Findings from this report provide valuable insight into top legislative and regulatory priorities, which emphasizes the need for greater harmonization between policymakers, cybersecurity professionals and other stakeholders to improve cyber resilience and address pressing cybersecurity challenges in 2023 and beyond.
To protect our national security, economies, critical infrastructure, and the data and privacy of our citizens, we need consistent, strong, forward-looking and joined up policies that enable cybersecurity professionals around the world to stay laser-focused on the most critical aspects of their jobs."
The report delves into several other key headlines, including:
- More regulations are coming; organizations must prepare now – not later.
- No country or government is immune to the cybersecurity skills and workforce gap.
- While Singapore's shortage in the cyber workforce has decreased significantly in 2022, the city-state has been investing in cyber workforce development and has issued a number of measures to attract highly skilled workers such as through visa programs like TechPass.
- Global standardization is critical, and full international cooperation is needed, to protect and uphold ethical principles and standards.
- On this front, Singapore is actively engaging with a wide range of actors in the field, including the UN working groups. It has established the ASEAN Singapore Cybersecurity Centre and hosts the annual Singapore International Cyber Week.
- Fortifying critical infrastructure is a top priority for all jurisdictions — especially with more interconnectedness and "state lines" blurring.
- To ensure further resilience of its Critical Information Structure and supply chains, Singapore continues to advance regulation, e.g. in the form of the Complimentary Code of Practice (CCoP 2.0) providing measures and standards implemented by businesses that are part of the critical information infrastructure.
- Collective defense is needed between the public and private sectors and across jurisdictions to support norm development.
For more information on the "Global Approaches to Cyber Policy, Legislation and Regulation" report, please visit: https://www.isc2.org/Research/rusi-report.
Study Methodology
Royal United Services Institute (RUSI) conducted this research from December 2022 to March 2023. The six jurisdictions studied – the U.K., the E.U., the U.S., Canada, Japan and Singapore – were chosen because they drive policymaking in cybersecurity and are leaders in the field, either as norm developers or because of their technology sectors. The research focused primarily on policies enacted or proposed between 2019 and 2023. The research underlying this publication was primarily based on a review of existing literature.
About RUSI
The Royal United Services Institute (RUSI) is the world's oldest and the UK's leading defence and security think tank. Its mission is to inform, influence and enhance public debate on a safer and more stable world. RUSI is a research-led institute, producing independent, practical and innovative analysis to address today's complex challenges. Since its foundation in 1831, RUSI has relied on its members to support its activities. Learn more at www.rusi.org.
About (ISC)²
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our association of candidates, associates and members, more than 365,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. For more information on (ISC)², visit www.isc2.org, follow us on Twitter or connect with us on Facebook and LinkedIn.
