Argus – stock.adobe.com
As the post-Second World War rules-based order frays and geopolitical tensions spill over into the digital realm, maintaining stability in cyber space is no longer just an ideal, but an absolute necessity for modern life, said Singapore’s cyber security chief, David Koh.
Speaking at the Gitex AI Asia 2026 conference, Koh, commissioner of cyber security and chief executive of the Cyber Security Agency (CSA) of Singapore, pointed to the gloomy state of cyber security, warning that the economic and societal benefits of artificial intelligence (AI) and the digital economy will “come to naught” if cyber space is not secure.
“Without rules, all countries, perhaps with the exception of the great powers, will suffer amidst the destruction and chaos,” he told a gathering of tech leaders, government officials and IT professionals. “Cyber space is increasingly becoming unstable, threatened by escalating geopolitical tensions and rapidly evolving cyber threats. The outlook isn’t positive.”
Globally, cyber threats surged by 47% in the first quarter of 2025 compared with the previous year, said Koh, citing data from Check Point, a cyber security technology supplier. The economic toll is equally staggering, with ransomware expected to inflict $74bn in damages globally this year – a figure that could reach $276bn by 2031.
Singapore has not been immune to these threats. He noted a fourfold increase in advanced persistent threat (APT) attacks against the city-state between 2021 and 2024.
The situation prompted the Singapore government to take decisive action last year. In 2025, it announced that its critical information infrastructure (CII) had been targeted by the sophisticated APT actor known as UNC3886.
“We took the unprecedented step to name the threat actor so that we can crystallise the threat and educate our own public that our CIIs are under attack,” said Koh, stressing that Singapore’s own experience reveals a deteriorating and potentially dangerous state of cyber stability.
This worsening threat landscape is pushing nations to adjust their security postures, moving away from purely protective measures. “Concepts like active defence, forward defence, or even ‘hack back’, once uttered in closed policy circles or hushed tones, are now increasingly being heard openly,” said Koh.
Such aggressive postures carry risks in the “fog of war” of the internet. “A single misinterpreted signal can trigger a vicious cycle of escalation and potentially spill over with unpredictable consequences,” he warned.
To preserve cyber stability, Koh outlined three urgent calls to action for cyber leaders across government, academia and industry.
First, he called for nations to keep channels of communication open and practice restraint to pre-empt escalation. “Dialogue is not just about people who are friends or who think alike,” said Koh. “We also need to have dialogue with people who we don’t quite agree with.”
Second, he called for deeper cooperation between cyber agencies domestically and internationally, citing regional groupings such as the Association of Southeast Asian Nations and plurilateral platforms such as the Counter Ransomware Initiative as vital enablers for collective security. By exchanging threat information and working together to disrupt common adversaries, states can achieve better outcomes than they could alone.
Finally, Koh stressed the need to uphold existing international agreements, including the United Nations Charter and the 11 voluntary, non-binding norms for responsible state behaviour in cyber space.
Acknowledging the scepticism some might have regarding the effectiveness of international law in today’s turbulent climate, he remained resolute. “We have to keep on trying and not give up,” said Koh. “Without it, everyone, all of us, will lose. Cyber stability is not a luxury. It’s not something that’s [just] nice to have, but increasingly it is a necessity for our modern way of life.”
Read more on Hackers and cybercrime prevention
