SINGAPORE, Singapore (July 2026) — A single security lapse could soon cost data centers in Singapore up to $1 million (approx. PHP 58.7 million) as regulators move to treat digital infrastructure with the same weight as power grids and water systems. The proposed Digital Infrastructure Bill serves as a major wake-up call for the region, signaling a shift toward much stricter oversight of the facilities that power our digital lives.
The high cost of failing security
The new bill seeks to designate data centers and cloud providers as critical national infrastructure. This puts them in the same category as essential services like water and electricity. According to Takanori Nishiyama, Senior Vice President APAC at Keeper Security, this move is a signal that the rest of the Asia Pacific region cannot afford to ignore.
The stakes are higher than ever because of “harvest-now, decrypt-later” attacks. This is a strategy where threat actors steal encrypted data today with the intention of using advanced quantum computing to unlock it in the future. Nishiyama notes that advancements in quantum technology are quickly shrinking the window organizations have to protect long-lived data.
AI is making attacks more aggressive
It is not just quantum computing causing concern. The rise of frontier AI is helping hackers launch more aggressive attacks against public systems. Traditional defenses were not built to handle these high-speed, automated threats.
Despite these growing risks, many organizations in the region are still playing catch-up. Recent research from Keeper Security found that 46 percent of security leaders in APAC identify cloud security gaps as their biggest weakness. These gaps often include simple misconfigurations or giving employees more access permissions than they actually need. Even more concerning is that only 38 percent of organizations have fully deployed privileged access management systems.
How to prepare for the new rules
For tech leaders and data center operators, compliance is moving away from being a simple paperwork exercise and toward a matter of survival. To stay ahead of these potential million-dollar fines, experts suggest that companies must start by mapping out exactly which systems and vendors handle sensitive data.
The focus should shift to containing breaches rather than just trying to prevent them. This includes enforcing “least-privilege” access, which ensures that a single stolen password cannot be used to move through an entire network. By building continuous visibility into every digital session, organizations can protect themselves against the next wave of sophisticated cyberattacks.
