The chief executive of Singapore’s Cybersecurity Agency (CSA) said that while some organizations in Singapore suffered cyber attacks, the fact that the country escaped the worst of 2017’s malware attacks was due to a convergence of lucky circumstances rather than skill.

In an interview with ChannelNews Asia, David Koh, chief executive of the CSA, said that the year could have been much worse for Singapore in terms of cyber attacks, but that the nation benefited from favourable circumstances.

For example, Singapore was mostly unscathed by the worldwide WannaCry cyber attacks that infected a quarter of a million computers last summer. However, two separate circumstances led to the country’s lucky break.

First, he said, most Singaporeans have updated operating systems, and the WannaCry ransomware affected older versions of Windows. Also, the attackers targeted specific regions of the world, and “if (the attack) had been targeted at Singapore, the results may have been quite different.”

“It is not that Singapore is particularly good or that Singaporeans are very alert with respect to malware, we were just lucky,” said Koh.

The Global Cybersecurity Index from the United Nations lists Singapore at the top of national cybersecurity strategy, with a ‘near-perfect’ approach to national cybersecurity. However, Koh notes that rankings like this are not entirely relevant in the real world.

“We may be better than other countries, but really the issue is how our cyberdefences are against the attacker. Here, I must say that the attackers are nimble, they are well-resourced and world-class.”

Koh added that because it is impossible to prevent cyber attacks from happening, it is important to fortify cyber defences, and ensure that systems are robust enough to weather an attack, and maintain basic operations, even if “at a degraded mode.”

The country’s Cybersecurity Bill is on schedule for review by Singapore’s parliament next year. The Bill is intended to improve communication and reporting of cyber incidents, particularly in critical sectors like government, healthcare, finance, and critical infrastructure.

The bill also secures collaboration between the CSA and other government agencies to develop the skills of cybersecurity professionals, creating a sustainable pool of skilled workers to offset the global security skills shortage.