Singapore releases quantum readiness tools, and other cybersecurity news

Singapore's Cyber Security Agency has launched two critical resources to help organizations prepare for quantum computing threats: a Quantum-Safe Handbook and Quantum Readiness Index.

Developed in collaboration with GovTech Singapore, Infocomm Media Development Authority and technology companies, these initiatives aim to guide critical infrastructure owners and government agencies through the complex transition to quantum-safe cryptography.​

The handbook addresses the quantum threat – the risk that sufficiently powerful quantum computers could undermine existing cryptographic systems safeguarding digital infrastructure, endangering secure communications, financial transactions and identity management. While the timeline for this threat remains uncertain, the migration to quantum-safe solutions is described as a complex "multi-year endeavour" requiring early planning and coordination.

The Quantum Readiness Index serves as a self-assessment questionnaire, allowing organizations to evaluate their preparedness levels and prioritize migration actions.

Both documents reflect principles found in the World Economic Forum's Quantum Readiness Toolkit: Building a Quantum-Secure Economy, published in 2023, which calls for a global, cross-border approach to cybersecurity and governing quantum risk, providing organizations with a framework to assess their quantum readiness and identify steps to enhance security measures.​

The documents are under public consultation until 31 December 2025.​

The UAE has announced the approval of a National Encryption Policy and the issuance of an accompanying executive regulation, introducing a unified framework for securing sensitive data and outlining a phased shift toward post-quantum cryptography across government entities.

The move comes as the country faces a rapidly evolving cyber threat landscape shaped by advances in artificial intelligence and quantum technologies. In parallel, the UAE Cybersecurity Council has expanded its focus on emerging risks through newly established taskforces, including an AI and Emerging Tech Taskforce led by H.E. Dr. Al Kuwaiti, which examines vulnerabilities linked to next-generation technologies.

Taken together, these developments highlight the UAE’s efforts to adapt its cybersecurity posture amid increasing concern over systemic digital risks and the resilience of national infrastructure.

The UK government has proposed new laws to protect essential services against cyber attacks. The Cybersecurity and Resilience Bill, introduced to Parliament on 12 November, shores up cyber defences for healthcare, energy, water and transport networks.

The average cost of a significant cyberattack in the UK is now over £190,000 ($250,000), costing the UK economy around $19.4 billion or 0.5% of GDP each year.

The new legislation comes after the UK's Office for National Statistics cited the cyber attack on Jaguar Land Rover as one reason UK GDP grew by just 0.1% in the third quarter, falling from the predicted 0.2%.

The malicious event forced JLR's major plants to shut down for almost six weeks in September and October, with cyber-related costs alone reaching £196 million ($259 million). The company posted a £485 million ($640 million) loss in Q3 compared with a profit of £398 million ($525 million) for the same quarter in 2024.

The UK's new legislation targets medium and large companies providing IT management, help desk support and cybersecurity services to organizations like the NHS, bringing them under regulation for the first time.

Regulators will gain powers to designate critical suppliers meeting specific criteria, requiring them to comply with minimum security requirements and close supply chain gaps.

In June 2025, the UK Government published the findings of its Cybersecurity Breaches Survey, which found only a third of all the businesses and charities surveyed had policies covering cybersecurity risks – and even fewer had a business continuity plan in place.

The European Union has formally designated 19 technology companies – including Amazon Web Services, Google Cloud and Microsoft – as "critical" third-party service providers to the financial sector under the Digital Operational Resilience Act. The designation reflects the financial industry's growing dependence on a small number of cloud and technology vendors for core operational services, aiming to minimize systemic risks posed by outages or cyber incidents.

The US Congressional Budget Office (CBO) confirmed it was hacked by unspecified foreign actors, with officials concerned that hackers accessed internal emails, chat logs and communications between lawmakers' offices and CBO researchers.

International law enforcement authorities coordinated by Europol and Eurojust dismantled major cybercrime infrastructure in the latest phase of Operation Endgame, conducted between 10-13 November from Europol's headquarters in The Hague. The operation resulted in the takedown of 1,025 servers, seizure of 20 domains and the arrest of the main suspect behind remote access trojan VenomRAT in Greece.

Internet services and security company Cloudflare suffered a major service outage on 18 November, affecting major platforms including X, OpenAI and Anthropic. The outage was triggered by a configuration error in Cloudflare's Bot Management system, not a cyber attack, after a database permissions change caused a feature file to double in size, exceeding software limits on machines routing network traffic.

Togo and Mozambique have signed a Memorandum of Understanding strengthening bilateral cybersecurity collaboration.

With mounting cyber threats due to AI, the need for skilled cybersecurity professionals has never been more pressing, write Melonia da Gama, Director of Training and Learning Programs, Fortinet and Natasa Perucica, Lead, Capacity Building, World Economic Forum and Companies are increasingly turning to AI to address the global shortage of cybersecurity workers. Cybersecurity training must also include soft skills vital for effective risk management.

India faces a particularly acute talent shortfall, with demand for trained cybersecurity professionals far exceeding supply. Industry estimates suggest a shortage on the order of 1 to 1.5 million skilled professionals. The centre of the risk landscape sits with micro-, small- and medium-sized enterprises. Initiatives such as the Forum’s strategic cybersecurity talent framework are working to help individuals enter and thrive in the workforce. Leveraging AI for defensive automation could become a force multiplier, but only if governance frameworks balance automation with accountability, ensuring privacy protections remain robust.

AI's market boom seems to be on course for a correction, exposing over reliance on a few highly visible firms, writes William Dixon, Associate Fellow, Royal United Services Institute. This concern is moving firms and governments to a greater focus on digital resilience and investments in diversified infrastructure. Long-term value for cybersecurity lies in investing in fundamentals over speculative AI tools. This will depend on developing resilient and adaptive cybersecurity strategies.