Singapore’s cyber threat landscape is entering a more aggressive and complex phase, with ransomware accounting for 58% of all recorded incidents in 2025, according to Check Point Software’s latest report.
The findings underscore the city-state’s growing exposure as a global digital and financial hub, where both cybercriminal groups and nation-state actors are intensifying their efforts.
More than 130 major cyber incidents were recorded last year, cutting across public and private sectors. Ransomware attacks dominated, with over 60 reported cases, driven by sophisticated groups such as Qilin and Lynx.
These actors increasingly deploy double-extortion tactics, simultaneously encrypting and exfiltrating sensitive data to maximise leverage. In one notable case, a Singapore-based chemical manufacturer reportedly lost 165 GB of data to Qilin.
Alongside ransomware, hacktivist activity contributed significantly to system disruptions. Groups including HIME666 and NullSec Philippines targeted high-visibility entities, reflecting a broader trend of politically or ideologically motivated cyber operations.
Government infrastructure remains a primary target. The report found that 44% of distributed denial-of-service (DDoS) attacks were directed at government domains, particularly those under “gov.sg”.
Business services and retail sectors also face sustained pressure, accounting for 32% and 15% of attacks respectively. Notably, retail emerged as the most vulnerable to data breaches, representing 42% of such incidents.
Rebecca Law, country manager for Singapore at Check Point Software, highlighted the shifting nature of cyber risk. “Singapore’s status as a global digital hub makes it a primary target for both financially motivated criminals and strategic nation-state actors,” she said. “As we move into 2026, organisations must assume that trust, not just systems, will be exploited.”
The rise of AI-driven deception is set to further complicate the threat landscape. Deepfake-enabled scams and AI-generated phishing content are expected to become mainstream, targeting human behaviour rather than technical weaknesses. This aligns with broader industry findings.
For example, the World Economic Forum’s Global Cybersecurity Outlook 2025 notes that social engineering attacks are accelerating due to generative AI, lowering the barrier to entry for attackers.
Similarly, IBM’s Cost of a Data Breach Report highlights that stolen credentials and phishing remain leading attack vectors, reinforcing the growing importance of identity-based security.
Looking ahead, Check Point warns that organisations relying solely on traditional defences will struggle. Instead, resilience will depend on proactive, “safe-by-design” strategies, robust incident response frameworks, and heightened employee awareness. As AI reshapes both attack methods and defence capabilities, Singapore’s cyber resilience will hinge on its ability to anticipate, adapt, and respond in real time.
