
KPMG’s Lee Ser Yen: Build security in from the start, not as an afterthought

He explores how Singapore’s technology sector is advancing in cybersecurity whilst balancing rapid innovation with strong compliance and reliable infrastructure.

Singapore has built a strong reputation as one of Asia’s leading technology hubs. With organisations in the city-state accelerating their adoption of emerging technologies, the growing importance of strengthening digital ecosystems and protecting client data has become integral to this endeavour.

KPMG Singapore’s Partner for Cyber Advisory Lee Ser Yen guides organisations towards this critical juncture in the tech landscape. With over 25 years of experience in the information security industry, Lee has played a significant role in shaping cybersecurity strategies, developing secure technology solutions, and supporting organisations in managing risk, compliance, and data protection.

His deep expertise in areas such as cybersecurity, cryptography, identity and access management, and governance, risk, and compliance technology makes him well-positioned to support Singapore’s continued advancement as a trusted digital innovation hub.

As one of the judges for the Singapore Business Review Technology Excellence Awards 2026, Lee shares his perspective on how Singapore organisations can successfully integrate innovation with cybersecurity and data protection, whilst examining the current landscape, strategies for secure digital adoption, and scaling operations.

How would you describe the current state of Singapore’s technology landscape, particularly in relation to cyber and digital protection?

Singapore is one of Asia's most digitally advanced economies, and it is doubling down on technology as the engine of its future competitiveness, with focused investments in infrastructure, governance, its people and their skills.

What makes Singapore's approach distinctive is how deliberate it is. Three things work together to shape the direction. The government takes an active hand in digital governance, setting clear regulatory expectations rather than leaving industry to figure it out alone. There's already been a strong cybersecurity and data protection framework in place for years. And underpinning all of it is the Smart Nation vision, now amplified by a serious national commitment to AI.

From a cybersecurity standpoint, AI gives defenders sharper tools to detect and respond to threats, but it also hands new capabilities to the bad actors. The threat environment isn't getting simpler either. State-sponsored attacks, ransomware, deepfakes, scams, and vulnerabilities are creeping in through third-party suppliers. These are live risks, not hypothetical ones.

Right now, AI is where the energy is. It's being looked to as the next engine of continuous growth, and that's an exciting prospect. But it comes with clear eyes about the risks. That is why AI governance matters so much. It is about making sure the enormous potential of AI is captured responsibly — in a way that people and organisations can actually trust.

In what ways should companies balance rapid digital adoption with the need for secure and reliable architectures?

The pressure for digital transformation is relentless, and the pace of digital adoption can be difficult to manage. It is important to build security in from the start, not as an afterthought.

That means making security part of how you design, build, and ship products. Performing threat modelling before a line of code is written, secure practices baked into your development process, and automated testing that catches problems early.

Trust also needs to be reconsidered. In a modern digital environment, the zero-trust concept should be incorporated into the system design. No user or system should be free to roam just because they're already inside the network. Verifying continuously and giving access only when it is actually required is just good practice.

The same mindset applies to resilience. It isn't something you bolt on after a crisis. Redundancy, tested recovery plans, and infrastructure you can version and roll back should be in place right from the start.

Security also needs to be visible at the top. Digital risk is a business issue. Governance frameworks tied to recognised standards help keep that risk on the executive agenda, whilst proper oversight of third-party suppliers closes one of the most commonly overlooked gaps.

People matter just as much as technology here. A team that knows how to spot a threat and feels safe raising one is one of your strongest defences. In addition, a culture with a blame-free reporting environment is just as valuable.

And when it comes to regulation, the organisations should treat compliance as a competitive edge rather than a box-ticking exercise. Privacy by design and audit-ready processes are signs of maturity.

Ultimately, the organisations best placed to grow fast are those that treat resilience as a strong foundation. Not a mere constraint.

How can companies transform their operations to integrate security and innovation at scale?

The companies that get this right have treated security and innovation as complementary strengths.

Governance is the starting point and should be redesigned for speed, not control. Approval-based checkpoints can be replaced with policy-as-code and risk-based frameworks that let teams move fast within clear boundaries. Alongside this, security has to be automated. Good practices also include embedding scanning into CI/CD pipelines and enforcing configuration standards through infrastructure-as-code. Companies need to operate security at machine speed rather than becoming the bottleneck.

There is also a need to shift security expertise from a centralised team to more distributed parts in the organisation. Security champions can be embedded within product and engineering functions, paired with role-specific training so every part of the business can make security-aware decisions. Security has to be part of how the organisation works rather than in separate functions. Security requirements should be built into product roadmaps, architecture reviews, and vendor selection from the start. This connects to a broader design philosophy: building for resilience rather than perfection.

The tone from the top is essential to ensure culture follows what executives visibly prioritise. The shift is from treating security as a burden on innovation to recognising it as the foundation that makes sustainable innovation possible.

Which strategies have proven most effective in bringing secure and compliant technology products to markets?

The most effective way to bring secure and compliant technology products to market starts with embedding security and privacy early into product development. Security and privacy by design have to be practised from day one. Structured threat modelling has to be conducted at each design stage, security requirements incorporated directly into acceptance criteria, and clear ownership of product security ensured across teams.

It is also important to do thorough risk and regulatory mapping tailored to specific verticals. Whilst absolute security is impractical and stalls innovation, organisations must have a clear risk appetite and apply risk-based decision-making to prioritise controls that matter most, rather than treating every vulnerability as equally critical. This pragmatic mindset allows teams to maintain defensible, auditable compliance postures aligned to frameworks like SOC 2, ISO 27001, or NIST CSF.

Most breaches now originate in third-party software or services; it is important to establish a supply chain risk programme so that you ensure your product’s compliance. You must be able to respond rapidly to vulnerabilities in upstream components before they become product liabilities. Adding on continuous compliance monitoring, automated security testing in CI/CD pipelines, independent penetration testing, and proactive regulator engagement will transform security from a cost into a competitive differentiator.

What developments in security, data protection, or digital infrastructure do you expect will most influence the industry in coming years?

The coming years in security and digital infrastructure will be defined by the following overlapping trends:

AI is enabling attackers with hyper-personalised phishing, faster vulnerability discovery, and automated exploitation, as well as empowering defenders through behavioural analytics and autonomous threat response. Security Operations Centres are increasingly offloading triage and investigation to AI agents to overcome endemic alert fatigue and manpower shortage.

Data protection is struggling with patchworks of national and regional regulations, from GDPR to the DPDP Act in India and PIPL in China. At the same time, digital sovereignty is moving from a policy debate into a physical constraint as governments demand localised data storage and trusted infrastructure.

Post-quantum cryptography is moving from theoretical concern to operational urgency following release of NIST's 2024 standards, with "harvest now, decrypt later" attacks becoming a reality.

Shift from perimeter-based prevention toward Zero Trust architectures and resilience-first thinking. The ability to detect, contain, and recover from breaches has quickly become as valuable as the ability to prevent them.

Underlying all of this is a workforce crisis with over four million unfilled roles globally, mostly in cloud security, AI security, and OT specialisms. It is structural rather than cyclical, outpacing both training pipelines and the ability of organisations to retain what talent they do acquire.

As a judge for the Singapore Business Review Technology Excellence Awards 2026, how do you evaluate a company’s overall contribution to Singapore's technology ecosystem?

As a judge, I am looking for entries which excel in innovation, impact, and implementation.

Firstly, the key innovations and achievements of each entry or solution should be outstanding. Over the years, I am glad to see that entries have closely tracked key technology advances in a wide range of fields, from AI to fintech to healthcare.

Secondly, what positive impact does the solution bring to the Singapore technology ecosystem? Whether in financial terms, social benefits or technology advances, innovation must be purposeful and solve real-world problems and deliver value to users, stakeholders and society.

Lastly, it is important to see how the solution has been implemented and how the benefits have been realised.
