Singapore's Cyber Strategy: An Exclusive Conversation with David Koh on the Quantum Future, AI, and the Human Challenge

Amidst the bustling atmosphere of the global conference at Singapore International Cyber Week (SICW) 2025, which has solidified its status as one of the world's top two cybersecurity events, Techsauce was honored to have an exclusive discussion with David Koh, Singapore's Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency (CSA). This conversation revealed a deep and candid perspective on the complex and rapidly changing world of digital security, from the looming threat of quantum computing to the challenge of online scams, where the "human factor" is at its core.

SICW: A Global Cybersecurity 'Buffet'

In its 10th year, SICW has grown into an indispensable global platform, attracting over 13,000 participants. David Koh likens the event to a vast buffet where attendees can choose from a wide array of knowledge and insights. 

"You can't get to everything in one go," he said, reflecting the depth and breadth of the conference's content.

But what truly sets SICW apart is its role as a neutral and inclusive space. "There are not many places in the world where you can find China, Russia, the United States, and the European Union in the same room," David Koh explained. The ability to facilitate difficult but necessary conversations is central to its mission. 

If you don't have these difficult conversations, then downstream, you will have to face even more difficult consequences.

This philosophy of open dialogue is the foundation upon which Singapore is building its cyber defenses in a world of ever-changing threats.

From Nuisance to National Crisis: The Shifting Threat Landscape

The evolution of cyber threats is relentless. David Koh recounted how, just a few years ago, ransomware was still considered a mere nuisance or a criminal problem for the police to handle. But then the Colonial Pipeline attack in the United States became a major turning point, elevating ransomware from a digital annoyance to a serious threat to national infrastructure. 

Suddenly, in every bilateral meeting with my international counterparts, one of the top three topics was ransomware.

This experience has shaped his perspective on the new challenges emerging today Generative AI and the even more profound threat of Quantum Computing.

The impending future known as "Q-Day" the day a quantum computer becomes powerful enough to break all current encryption standards poses an existential threat to digital security. However, David Koh's approach is one of careful preparation rather than panic. He introduces a counter-intuitive but crucial concept the "First-Mover Disadvantage."

"In the world of quantum, we believe in the first-mover disadvantage," David Koh explained. "If you move too early, chances are you'll choose the wrong path, and that means you'll have to start over, wasting valuable resources."

Instead of rushing to adopt an unproven quantum encryption standard, the CSA has recommended a two-pronged strategy for organizations

1. Conduct a Crypto-Inventory: The first essential step is for organizations to thoroughly understand what encryption systems they are using and where they are located within their organization. "Frankly, we don't even know where all the encryption is being used," Koh admitted, highlighting a fundamental blind spot in many organizations.
2. Build Crypto-Agility: During their regular 3-5 year technology refresh cycles, organizations must ensure that new systems they procure are "ready to support new algorithms." This means acquiring hardware with sufficient memory and processing power to handle the more complex Post-Quantum Cryptography standards.

This pragmatic and forward-looking strategy lays the groundwork for a quantum-safe future without betting on a single, unproven technology today.

The Mission to Protect "Grandmothers" in a Digital World

Beyond the high-tech horizon of quantum, there is a more immediate and deeply personal battle: online scams. "In the past three years, we've lost over 3 billion Singapore dollars to scams," David Koh revealed, a staggering figure for a small nation. The most troubling part is that these losses are not due to sophisticated technical hacks. "Most of them are what we call self-inflicted scams. You did it yourself."

This is the challenge of Social Engineering, which preys on a fundamental gap in our social evolution. In the physical world, we have been taught safety instincts for generations. 

Our parents taught us to be careful when crossing the street, to look after our belongings," Koh illustrated. But in the digital world, your parents didn't teach you anything. It's you who has to teach your parents how to be safe. We are not Digital Natives.

Today's adults were thrust into the digital world without basic safety training, and the consequences are playing out in real-time. This is why a key mission for the CSA is to "protect your grandmothers."

Recognizing that awareness is key, Singapore's campaigns, featuring the mascot "Jaga" (meaning to guard), have been simplified to an easy-to-remember and actionable message: "Stop and Check." This is coupled with new legislation that criminalizes the act of giving up control of one's bank accounts or SIM cards to be used as money mules, tackling the problem from multiple dimensions.

The Governance Paradox: Regulating at the Speed of Technology

A persistent challenge for governments worldwide is that technology evolves much faster than laws. How can a country regulate something as fast-moving as Generative AI without stifling innovation?

David Koh openly shared Singapore's flexible and collaborative approach. "The government doesn't move fast, and neither does legislation," he acknowledged. The old model of spending years drafting a perfect law is no longer viable.

The CSA has therefore adopted an agile and consultative framework. For emerging technologies like AI and quantum, they release initial guidance and playbooks for public consultation. "We admit that we don't have all the answers," David Koh said transparently. "We think this is likely the right answer... and we want to hear your feedback."

This process allows the government to provide timely and useful direction to the industry while also allowing for learning, adaptation, and improvement as the technology matures. It's a model of governance that embraces uncertainty and leverages collective intelligence, moving away from rigid, top-down regulation toward a dynamic partnership with the ecosystem.

For David Koh and the Cyber Security Agency of Singapore, the mission is clear. Cybersecurity is not an obstacle to progress; it is the enabler of the digital future. It is the invisible architecture of trust that allows citizens to engage online safely, businesses to innovate with confidence, and a nation to fully unleash the limitless potential of the digital economy.