Rajah & Tann Singapore’s Deputy Managing Partner Abdul Jabbar, as a former member of the Accreditation and Professional Development Committee of the Singapore Institute of Directors (SID), has contributed an article titled “Why boards need a playbook to respond to cyber incidents” to the Boardroom Matters column of the 10 April 2026 issue of The Business Times.
Organisations are increasingly exposed to more frequent, sophisticated and well-coordinated cyber attacks, with generative artificial intelligence (“AI”) amplifying risks through deepfakes and AI-automated attacks, among others. Against this backdrop, Singapore Exchange (SGX) mandates listed issuers to treat cybersecurity as a board-governed risk with disclosure consequences. Listed companies are therefore expected to maintain robust and effective internal controls and risk management systems across financial, operational, compliance and information technology (IT) domains.
The article sets out what an effective playbook on managing cyber risks should cover, including an enterprise-wide cyber risk framework, tested incident response and business continuity plans, and appropriate cyber insurance coverage – supported by a trained workforce and rigorous third-party vendor oversight. The article also highlights listed companies’ disclosure obligations when cyber incidents occur. In such instances, they must assess materiality promptly, make timely SGXNET announcements, and communicate clearly with stakeholders. Entities governed by the Personal Data Protection Act 2012 must also comply with the data breach notification provisions of the law. Listed groups offering financial, cloud or data centre services may be subject to additional notification requirements under applicable sectoral regulations.
The full article is available here.
Find out more about our Corporate Governance Practice here.
Disclaimer
Rajah & Tann Asia is a network of member firms with local legal practices in Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam. Our Asian network also includes our regional office in China as well as regional desks focused on Brunei, Japan and South Asia. Member firms are independently constituted and regulated in accordance with relevant local requirements.
The contents of this publication are owned by Rajah & Tann Asia together with each of its member firms and are subject to all relevant protection (including but not limited to copyright protection) under the laws of each of the countries where the member firm operates and, through international treaties, other countries. No part of this publication may be reproduced, licensed, sold, published, transmitted, modified, adapted, publicly displayed, broadcast (including storage in any medium by electronic means whether or not transiently for any purpose save as permitted herein) without the prior written permission of Rajah & Tann Asia or its respective member firms.
Please note also that whilst the information in this publication is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as legal advice or a substitute for specific professional advice for any particular course of action as such information may not suit your specific business and operational requirements. You should seek legal advice for your specific situation. In addition, the information in this publication does not create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on the information in this publication.
