The accounting and tax sector is facing unprecedented cyber threats, with new data revealing that scam victims in Singapore suffered losses of a staggering S$1.1 billion in 2024—a 70% year-on-year increase. This alarming statistic, from the Singapore Police Force’s Annual Scams and Cybercrime Brief, has triggered urgent calls for enhanced cyber resilience among professionals handling sensitive financial data.
The Human Factor: A Critical Vulnerability
The Cyber Security Agency of Singapore (CSA) confirms that a lack of cybersecurity knowledge remains the top barrier to adopting stronger defences. Bridging this knowledge gap is now seen as the first and most critical line of defence against threats that exploit human error.
A Three-Pillar Defence Strategy
Industry leaders recommend a multi-layered approach to cybersecurity:
- Continuous Employee Education: Regular, targeted training is essential to reduce the risk of phishing and social engineering attacks.
- Rigorous Cyber Hygiene: Foundational practices remain non-negotiable. These include enforcing multi-factor authentication (MFA), implementing strong password policies, maintaining strict access controls, and ensuring all software is consistently updated.
- Proactive Incident Response Planning: Adopting a “when, not if” mentality is crucial. Firms must develop and test a clear incident response plan outlining steps for detection, containment, recovery, and stakeholder communication following a breach.
Government Schemes Offer a Lifeline for SMEs
For small and medium-sized enterprises (SMEs) lacking in-house expertise, the government has launched initiatives to provide expert guidance.
- CTO-as-a-Service: Developed by the Infocomm Media Development Authority (IMDA), this programme offers SMEs complimentary access to digital consultants for advisory services, including cybersecurity and data protection strategy. The sign-up deadline for the complimentary consultancy is 30 September 2025.
- CISO-as-a-Service: An initiative by the CSA, this service provides SMEs with direct access to a pool of experienced cybersecurity consultants who act as a virtual Chief Information Security Officer. These experts perform health checkups, develop tailored cybersecurity plans, and help implement foundational cyber hygiene practices. Eligible SMEs can receive up to 70% co-funding support.
The CISO-as-a-Service model is particularly critical for resource-limited firms, granting them expert guidance tailored to their specific risk profile without the cost of a full-time executive.
finally,
The dramatic surge in cybercrime losses underscores a clear and present danger to the financial sector. For tax and accounting entities entrusted with highly sensitive client data, the imperative to act is now. By prioritising human training, enforcing basic cyber hygiene, and leveraging available government resources, organisations can transform from easy targets into resilient, trusted entities.