A January 2025 survey of 202 Singaporean IT decision makers reveals a troubling trend among Singaporean IT decision-makers, with nearly half (46%) struggling to distinguish between legitimate emails and phishing scams. The findings highlight an alarming rise in the sophistication of phishing attacks, leaving many IT leaders vulnerable to costly cyber threats.
The study by Knowbe4 indicates that 72% of IT executives misidentified legitimate emails as scams, demonstrating a significant challenge in recognising the increasing complexity of cyber-attacks. Despite this confusion, only 36% express concern about phishing and business email compromise (BEC) risks, a decrease compared to previous years. This decline in vigilance is particularly concerning as it may leave organisations more exposed to financial damage from cyber incidents.
The research also uncovers a worrisome shift in perceptions of cybersecurity responsibility. Only 36% of respondents believe that safeguarding their organisation from cyber threats is a collective effort, a marked drop from 40% in 2024 and 60% in 2022. This trend suggests a diminishing sense of accountability among employees, which could exacerbate vulnerabilities within organisations.
Martin Kraemer, security awareness advocate at KnowBe4, emphasises the significance of these findings. “Business email compromise remains one of the most financially damaging cyber threats facing Singaporean organisations today. With the country’s high digital connectivity and its status as a global business hub, the decline in individual accountability is increasingly alarming,” he states.
The data also reveals a growing tendency for organisations to shift cybersecurity responsibilities onto IT teams, with 47% of respondents believing that protection from cyber-attacks is primarily their duty—a rise from 42% in 2024. In contrast, only 30% of employees recognise their role in maintaining cybersecurity, indicating a worrying trend of disengagement.
Additionally, there is a notable decline in the belief that technological solutions can adequately safeguard organisations, with only 19% of respondents expressing confidence in existing protective measures—down from 24% in 2024.
This situation has led to a significant call for government intervention, with 89% of IT leaders advocating for more robust governmental action to protect businesses from cyber threats. Key areas of demand include enhanced public education on cyber risks (61%), increased funding for cybersecurity initiatives (51%), and more training on cyber awareness (52%). These expectations highlight an urgent need for stronger government-led initiatives to help businesses navigate the complexities of today’s cyber landscape.
Kraemer says the findings stress the importance of cultivating a culture of cybersecurity awareness and shared responsibility within organisations. "As phishing techniques become more advanced and frequent, businesses must prioritise comprehensive email security, employee training, and multi-layered defences to safeguard their critical assets,” he concludes.
