MDDI's response to PQ on Reports pf Ramsomware Incidents by Singapore-based Companies and Legislation on Ban of Ransom Payments

Parliament Sitting on 5 November 2025

Question for written answer

39. Mr Gerald Giam Yean Song asked the Minister for Digital Development and Information (a) how many ransomware incidents have been reported by Singapore-based companies in the past three years, with a breakdown by company size; (b) whether the Ministry plans to legislate a ban on ransom payments; and (c) what is the Ministry’s assessment of the net benefit of such a ban, balancing reduced criminal funding against business impact.

Answer

On average, there were 141 ransomware incidents reported to Government agencies annually between 2022 to 2024. Around 60% of these incidents were reported by small and medium enterprises¹. The rest were reported by larger enterprises as well as non-profit organisations.

Singapore strongly discourages the payment of ransoms to ransomware actors. These attackers are criminals. Payment does not guarantee restoration of access to affected systems and data or prevent stolen data from being published. Organisations that have paid up may also be viewed as “soft targets” and prone to repeat attacks. Instead, we encourage everyone to adopt good cyber hygiene practices to better protect their systems and data against ransomware. We have made resources available at the Ransomware Portal to help them better protect themselves.

We are aware that some countries such as the UK are considering legislating a ban on ransom payments. The aim is to disincentivise ransom payments, and in so doing, cut off an important source of criminal funding for the ransomware industry. However, there are also concerns ransom payments may simply be pushed underground. We are therefore continuing engagements with our counterparts to better assess the effectiveness of legislating a ban.

¹ Enterprises with a group revenue of up to S$100 million or a maximum employment size of 200 employees.