Skip to content Skip to footer
Search

Loading Results

MAS Notice on Cyber Hygiene

On 6th August 2019, the Monetary Authority of Singapore (“MAS”) released Notice on Cyber Hygiene to raise the cyber security standards and strengthen cyber resilience of the financial sector. The Notice on Cyber Hygiene sets out the following cyber security requirements that financial institutions must comply with:

  • Securing administrative accounts,
  • Applying security patching,
  • Establishing baseline security standards,
  • Deploying network security devices,
  • Implementing anti-malware measures and
  • Strengthening user authentication.

The requirements are applicable to a “relevant entity” that is licensed, approved, registered or regulated by the MAS, including banks, merchant banks, insurers and insurance agents, insurance brokers, credit card or charge card licensees, financial holding companies, finance companies, financial advisers, capital market entities, trust companies, and operators of designated payment systems.

The Notice comes into effect on 6th August 2020.

Are you ready for the Notice?

On 6th August 2019, the Monetary Authority of Singapore (“MAS”) released a Notice on Cyber Hygiene to raise the cyber security standards and strengthen cyber resilience of the financial sector. 

With the Notice coming into effect on 6th August 2020, PwC has a quick health check for you to assess your readiness to comply with the Notice. The health check is anonymous, and a score will be calculated at the end of the health check. We will publish an insights report in the second half of 2020 based on the collected responses. If you wish to receive a copy of the report, you can leave your email address with us at the end of the health check.

Cyber Hygiene Health Check Tool

6 Cyber Hygiene Measures


Administrative accounts

Secure the use of every administrator account in respect of any operating system, database, application, security appliance or network device through preventive controls. These controls should prevent the unauthorised access to or use of such account.


Security patches

Address system vulnerabilities in a timely manner by applying available security patches to every system (including both hardware and software) in a risk-commensurate timeframe. Mitigating controls must be implemented where no security patch is available.


Security standards

Establish a written set of security standards for every system and ensure compliance to the security standards. Mitigating controls should be implemented where the system is unable to conform to the security standards.


Network perimeter defence

Implement controls at its network perimeter to restrict all unauthorised network traffic.


Malware protection

Implement malware protection measures on every system to mitigate the risk of malware infection, where available and can be implemented.


Multi-factor authentication

Strengthen user authentication through implementation of multifactor authentication for all administrative accounts in respect of any operating system, database, application, security appliance or network device that is a critical system, and all accounts on any system used to access customer information through the internet.

A concession is made for a period of 6 months from 6 August 2020 to 5 February 2021 (both dates inclusive) on implementation of multi-factor authentication if FIs meet all the following: 

  1. Risk assessment: identify all risks or potential risks posed by FIs’ noncompliance to implement multi-factor authentication; 
  2. Controls: implement controls to reduce risks identified above; and
  3. Appointed committee or member of the senior management: agree with the risk assessment and satisfied with the implemented controls being adequate to reduce the risks.

How we can help

  • Enhance your risk and regulatory posture through cybersecurity gap assessments
  • Work with you to identify key areas of concern and carry out targeted reviews for e.g. multi-factor authentication etc
  • Improve your processes to address the 6 measures in the Notice

Contact us

Tan Shong Ye

Partner, PwC Singapore

Tel: +65 9679 6920

Jimmy Sng

Partner, PwC Singapore

Tel: +65 9618 9773

Kyra Mattar

Third Party Trust Leader, PwC Singapore

Tel: +65 9735 2506

Chia Peiru

Director, PwC Singapore

Tel: +65 9628 9054

Rachel Lee

Director, PwC Singapore

Tel: +65 9672 0937

Ali Rasheed Butt

Senior Manager, PwC Singapore

Tel: +65 9616 7159

Follow us