Strengthening governance over cyber resilience
Navigating new CSA CII requirements for board of directors
The new imperative for board-level accountability
In a significant move to elevate Singapore's cyber resilience, the government has announced a new requirement that board members of Critical Information Infrastructure (CII) owners must undergo cybersecurity training. This initiative aligns with global trends underscored in PwC’s 2026 Digital Trust Insights, which found that 60% of business and technology leaders worldwide are making cyber risk investment one of their top three strategic priorities for the year ahead, with 41% also focusing on relocating critical infrastructure to strengthen security.
As reported by The Straits Times, this directive is expected to be codified in the first quarter of 2026. This marks a pivotal shift, elevating cybersecurity from a purely technical function to a core tenet of corporate governance and board-level responsibility.
Why this matters for your organisation
This upcoming mandate presents both a challenge and an opportunity for CII owners:
- Strengthening business resilience: An informed board of directors is a strategic asset. By understanding the fundamentals of the cyber threat landscape, directors can more effectively steer the organisation, safeguarding its critical operations and public reputation in an increasingly volatile digital world.
- Establishing a new standard of governance: More than just a compliance exercise, the goal is to empower your directors. When equipped with the right knowledge, they can ask insightful questions, challenge assumptions, and make informed, risk-based decisions on cybersecurity strategy and investment.
How PwC can help: Empowering your leadership
At PwC, we understand that board-level training requires a unique approach. It's not about technical jargon; it’s about empowering strategic oversight, risk governance, and fiduciary duty.
We are ready to help your leadership with our executive cybersecurity programme for boards and senior management.
Our tailored programme empowers your board by:
Translating cyber concepts into business imperatives
We translate complex cybersecurity concepts into the language of business risk, strategy, and governance.
Focusing on governance
Our curriculum is built around the board's role in setting the "tone at the top," defining risk appetite, and providing robust oversight of Cybersecurity Code of Practice for CII (CCoP) compliance.
Simulating realistic adversary scenarios
We use case studies to immerse directors in realistic decision-making situations.
Providing actionable insights
Your board will leave the session not just with knowledge, but with a practical framework to immediately enhance their governance and oversight responsibilities.
Your end-to-end partner for CCoP compliance and resilience
This board-level training is a key component of our holistic suite of services designed to help you navigate the Cybersecurity Act – CCoP. PwC is your trusted partner for the entire CCoP lifecycle, offering a comprehensive portfolio of services to build and demonstrate cyber resilience:
- CCoP gap and readiness assessment: Identifying where your current practices stand against the CCoP requirements to create a clear roadmap for compliance.
- CCoP audit: Delivering independent, trusted assessment on your compliance with the CCoP.
- CII cybersecurity risk assessment: Assessing your cybersecurity posture against evolving threats to identify and prioritise risks to your CII.
- Security architecture review: Evaluating the design and implementation of your security architecture to ensure they are robust and fit-for-purpose.
- OT/ICS security assessment and architecture Review: Specialised assessments focusing on the unique security challenges of Operational Technology (OT) and Industrial Control Systems (ICS) to secure your core operations.
- Penetration testing and red teaming: Conducting authorised, simulated cyberattacks — from network penetration tests to full-scope Red Team exercises — to identify exploitable vulnerabilities in your CII.
- Cybersecurity simulation: Facilitating simulated incident scenarios, from tabletop discussions to full technical drills, to validate your incident response plan and team readiness.
- Cybersecurity awareness and training programmes: Developing and delivering customised security awareness programmes for all levels, from staff to senior management, to foster a security-first culture.
Secure your organisation's future today
Now is the time to get ahead of the curve and equip your board with the knowledge and confidence to govern effectively.
Connect with our cybersecurity experts today to learn more about how we can support your organisation’s complete CCoP journey.
