"Smaller companies are being more targeted by hackers and yet remain less protected." Our CEO Gaurav Keerthi shared his views with Channel News Asia on how the cyber landscape is changing rapidly for SMBs, and how compliance will exponentially reshape cyber hygiene for them — because cybersecurity baselines are now a "recursive standard".
"Smaller companies are being more targeted by hackers and yet remain less protected."
— Gaurav Keerthi, CEO of StrongKeepWhat Does It Mean for Cybersecurity to Be "Recursive"?
Cybersecurity is becoming a license to operate, even for the smallest business. We are seeing more SMEs step up their security — not because of fear, but because:
- Regulators are raising baseline expectations across supply chains and industries.
- Contracts from large customers now include explicit security clauses.
The standard being referenced by regulators and customers in Singapore is Cyber Essentials. One of its recommendations states: "The organisation should review the cybersecurity posture of third parties or contractors… to adequately manage supply chain risk."
In simple terms: if Company ABC is required by a regulator or a major client to achieve Cyber Essentials, it cannot comply in isolation. To meet that requirement properly, ABC must assess and often impose similar cybersecurity expectations on its own vendors. Those vendors, in turn, must evaluate their third parties. And so the requirement propagates.
"It is a standard that calls on itself in order to be true. A classic case of recursion."
— Gaurav Keerthi, CEO of StrongKeepFrom Internal IT Decision to Ecosystem Obligation
This is how cybersecurity moves from being an internal IT decision to an ecosystem obligation:
- One contract triggers another.
- One certification requirement flows downstream.
- One regulator's signal reshapes an entire supply chain.
For SMBs, this changes the conversation entirely. Cybersecurity is no longer about whether you think you are a target. It is about whether you want to remain eligible to do business.
The companies that understand this early will treat baseline cybersecurity as part of their core business infrastructure. The rest may only realise it when a renewal, tender, or audit forces the issue.
"The question is no longer 'Are we likely to be attacked?' — it is 'Are we ready when our customers start asking?'"
— Gaurav Keerthi, CEO of StrongKeepWatch the Full Segment
