Tackling the Critical Data Security Challenges in Singapore’s Public Sector
Singapore’s public sector is at the forefront of digitisation — all thanks to its Smart Nation initiative, 99% of government services can now be completed online, significantly enhancing the efficiency and accessibility of public sector services.
But while the public sector’s digital transformation efforts have helped improve citizen services, it does not end there.
To complement the modern customer-facing digital infrastructure, the public sector must establish a robust data foundation. Given the vast amounts of critical data managed by the sector, ensuring its security and preventing unauthorised access is of utmost importance.
As the government’s legislative arm works to protect the public sector and their citizens with laws to protect data, such as the Digital Infrastructure Act 2025 and the enhanced Cybersecurity Act, public sector agencies must align with the Smart Nation initiative to strengthen their digital infrastructure and effectively govern data.
However, data security remains a top challenge in this sector. This blog entry will delve into the top public sector concerns in data security and explore effective solutions to address them.
Top 3 Key Public Sector Data Security Challenges
In 2024, Singapore navigated a complex landscape of security challenges that tested its resilience and adaptability. The country faced 55,810 cases of scams and cybercrimes, resulting in losses of at least $1.1 billion. With the public sector handling critical data, including citizens' personal identifiable information (PII) and data concerning national security, several challenges need to be addressed:
1. Poor Workspace Governance
Singapore has implemented the Whole-of-Government (WOG) approach which is designed to enhance collaboration across various public sector agencies, making it easier for citizens to interact with different departments. However, the Singapore Public Sector Outcomes Review 2024 highlighted that while there have been improvements in how agencies work together, there is still a need to dismantle vertical organisational structures to foster a more collaborative culture.
Governing digital workspaces, remains a significant challenge in Singapore’s public sector, particularly in ensuring data security and facilitating collaborative work. One example was an incident in December 2024, where a public sector agency’s portal accidentally displayed full national registry identity card numbers. With rapidly advancing technology, the public sector must ensure data security measures, specifically proper data governance, are implemented to ensure that no unauthorised users can access PII and other sensitive information, which also allows them to comply with privacy regulations like the Personal Data Protection Act (PDPA).
The AvePoint Confidence Platform can significantly enhance the WOG approach by implementing data governance measures such as:
- Risk understanding and management. The Confidence Platform helps public sector agencies understand and define risks in their digital workspaces. From these insights, rules can be set and automated across digital workspaces to limit access to authorised users and avoid breaches from users having unauthorised access to PII. This ensures consistent compliance with data governance frameworks like the Public Sector (Governance) Act (PSGA) and the Personal Data Protection Act (PDPA), reducing the likelihood of human error and enhancing accountability and transparency.
- Access control and data security. The Confidence Platform offers visibility into which users or guest users have access to workspaces and sensitive data, allowing workspace administrators to set and automate rules, limit access to authorised users only, and avoid breaches from users having unauthorised access to PII.
- Automated policy enforcement. Our platform’s ability to review workspace risks and provide insights into governance measures enables administrators to automate policies based on defined risks. This ensures consistent compliance with data governance frameworks like the Public Sector (Governance) Act (PSGA) and the Personal Data Protection Act (PDPA), reducing the likelihood of human error and enhancing accountability and transparency.
Lifecycle data management. Managing data throughout its lifecycle – from creation to deletion – ensures that data is retained only as long as necessary. This practice reduces the risk of data breaches from storing unnecessary data and aligns with the goal of maintaining high standards of data security across public agencies.
With proper data governance, public sector agencies can help understand and address risks in their organisation, ensuring safeguards are in place to reduce risks of unauthorised access that leads to data breaches.
2. Irreversible Data Loss
Critical vulnerabilities can lead to significant data losses and service disruptions. When institutions rely on outdated systems without sufficient redundancy protocols, inadequate disaster recovery plans, and fragmented security architectures, single points of failure can cascade into widespread outages.
For instance, the Cyber Security Agency of Singapore reported that 46% of businesses and 60% of non-profit organisations experienced data loss due to cyberattacks. This highlights the importance of reliable cybersecurity measures.
Recent incidents, such as the 2024 bank outages, disrupted 2.5 million payment and ATM transactions, significantly impacting businesses and consumers’ access to their accounts. Additionally, 810,000 login attempts to the banks' digital platforms failed.
Moreover, a ransomware attack on HomeTeamNS servers, which compromised employee and vehicle data, underscores the vulnerabilities in systems that lack comprehensive security measures. These examples illustrate the critical need for institutions to implement comprehensive security protocols and develop effective disaster recovery plans to mitigate the risks of data loss and service disruptions.
The Confidence Platform mitigates data security incidents by providing robust data protection and recovery in multi-cloud environments. It features ransomware detection, automated backups up to four times a day, and quick data recovery options, including app-aware restores. By storing backups in scalable Azure storage or other cloud options, the risk of data loss from a single point of failure is reduced. Administrators can choose between granular or complete restores and choose what to back up and when.
3. Suboptimal Data Management
Poor data management is a significant root cause of high-risk data-related problems, such as breaches and data loss. For instance, the Ministry of Digital Development and Information (MDDI) reported 201 data breach incidents in 2023, a 10.44% increase from the previous year, largely due to higher volumes of data usage. This increase in available data provides a larger attack surface for cybercriminals, leading to higher risks of data exploitation.
When data management practices are inadequate, data can proliferate unchecked within digital environments, lacking necessary protections. This sprawl makes it easier for cybercriminals to exploit vulnerabilities. Effective data management involves monitoring data flow from creation to deletion and establishing policies to prevent unauthorised access.
The Confidence Platform effectively mitigates risks associated with poor data management through several key features:
- Automating policy enforcement. The platform enables organisations to enforce precise policies that balance security and collaboration. For example, it can implement a rule requiring verification for guest access to SharePoint sites containing sensitive information, ensuring secure collaboration. This automation helps maintain compliance and reduces the risk of unauthorised access.
- Securing collaboration. The platform provides granular control over permissions, automatically identifying and remediating risky behaviours such as unauthorised sharing of sensitive information. This ensures data security while maintaining productive collaboration. By securing collaboration tools, organisations can prevent data leaks and maintain a secure digital environment.
- Managing data lifecycle. The platform automates the provisioning and management of workspaces, ensuring data is correctly classified, retained, and controlled from inception to deletion. This reduces data sprawl and ensures efficient data lifecycle management. Proper data lifecycle management is crucial for compliance and operational efficiency, as it helps organisations manage their data assets effectively and securely. These features collectively reduce the risk of data breaches and strengthen the overall data security posture of organisations.
Implementing a Strong Data Foundation in the Public Sector
Securing digital workspaces and sensitive data is crucial for preventing high-risk events, such as cyberattacks, unintentional or intentional data breaches, and data losses. This is particularly important for the public sector, which holds volumes of highly sensitive information necessary for daily operations. Ensuring effective data security is necessary to protect sensitive information and maintain public trust.
The public sector's digital transformation has led to the creation and storage of vast amounts of sensitive information, making data protection a matter of great importance. A breach in government systems can have far-reaching consequences, including compromised national security, identity theft, and erosion of public trust.
By addressing these key challenges, public sector agencies can not only safeguard their digital infrastructure but also prepare the foundation for transforming their digital environment securely.
As Singapore continues to navigate the complexities of the digital age, a strong focus on data security will be essential to sustaining its leadership in digital governance. Robust data security measures, such as encryption, regular security audits, and advanced cybersecurity protocols, are critical to fortifying the public sector's digital infrastructure and ensuring the safety of sensitive information.
Mayella is a Content Marketing Specialist at AvePoint, focusing on digital transformation, AI confidence, and education technology. With a background in content production and communications for B2B and e-commerce, she excels at helping businesses transform their digital workspace into a dynamic and efficient environment.
