We sat down with our new Singapore Managing Director, Daisy Radford, to hear her thoughts on the local threat landscape.
Cybersecurity in Singapore has long been seen as a strength, and in the latest SecurityScorecard report, 91% of Singapore’s top 100 companies (by market capitalisation) earned an A-grade rating, but all 100 had suffered some sort of breach. And with breaches growing more sophisticated and interconnected, it’s becoming clear that traditional checklists and best practices aren’t enough. We sat down with Daisy Radford, Reversec’s new RVP in Singapore, to talk about what she’s seeing on the ground, and what’s really keeping tech and risk leaders up at night.
Q: What’s the biggest misconception you’re seeing among leadership teams when it comes to cyber risk?
That cybersecurity and business continuity planning are things you “set and forget.” I still hear phrases like, “We’ve got that covered, we did a review last year.” That’s like saying your financial governance is all locked up… because you had an audit once. Cyber risk is dynamic. Threats evolve. And your digital ecosystem, from software to third-party partners to user behaviour, changes faster than most risk registers can keep up with.
Q: What kinds of threats are you seeing companies struggle to prepare for?
We’re seeing two key challenges. First: multi-party breaches that spread through ecosystems. These aren’t direct attacks. They start with a supplier, or a supplier’s supplier and spiral. Often the company getting hit doesn’t even use the compromised tool or platform. That’s a huge blind spot and a complex gap to fill.
Second: targeted campaigns, often state-linked, that focus on critical infrastructure. In recent weeks, a number of Ministers have been openly discussing the level of threat and quantity of attacks our critical infrastructure is under. These groups don’t just want data, they look for long-term access. They’ll sit quietly in a system, studying how it works, waiting for the right moment. The techniques are quiet, evasive, and not easy to spot using legacy detection tools or standard approach assurance work.
Q: Are most companies ready for that kind of complexity?
Not yet, though many are starting to wake up. Boards are asking better questions, and CISOs are being pulled into earlier strategy conversations. That’s a good sign.
But many organisations are still heavily reliant on vendor assessments and annual tabletop exercises. Those are useful but they don’t give you a live picture. They don’t tell you what’s happening now in your ecosystem. And in a supply chain-driven breach, speed matters. Minutes, not days.
Q: You’ve worked across global markets. Is there something unique about the Singapore landscape?
Singapore has incredibly strong talent and some of the most advanced digital infrastructure in the world. But that also makes it a high-value target. From financial services to critical infrastructure, attackers see this as a strategic node.
And in sectors like finance and energy, the assumption used to be “We’re too established to fall.” But maturity doesn’t stop a zero-day from spreading via a trusted platform. No matter how strong your own controls are, you’re only as resilient as your weakest connected partner.
Q: So what does “prepared” actually look like in 2025?
Prepared is having visibility. Do you know which vendors have access to sensitive systems? Do you know their vendors? Can you map the blast radius if one of them is compromised?
Prepared also looks like practiced response. Not a PDF, but real-time coordination – across IT, legal, comms, leadership and the board.
And finally, it looks like mindset. Resilience isn’t a department’s job. It’s an organisation-wide posture.
Q: If you had one message for Singapore’s business leaders right now, what would it be?
Don’t assume you’re safe because you passed last year’s pen test. Cyber resilience is not a trophy. It’s a muscle. And if you’re not flexing it continuously, you’re falling behind.
Singapore is well-placed to lead in this space. But only if we move beyond checklist compliance and start treating cyber like the live, systemic business risk it is.
Reversec helps organisations build resilience across their digital supply chains, through our expertise in ecosystem visibility, threat intelligence, and real-world incident playbooks.
Want to explore how we can help your business prepare? Reach out!
