Fri, 10 Jul 2026

Why Singapore’s security teams are falling behind

Ungoverned AI agents and increasingly sophisticated deepfakes are emerging as critical risks for Singaporean organisations, according to new research. The KnowBe4 study highlights a widening gap between how quickly AI is being adopted in day-to-day work and the safeguards needed to keep that technology from becoming an additional attack route.

The global report, titled From Agentic Risk to Human Wins: Building a Culture of Security in the Era of Agentic AI, finds that 44% of Singaporean organisations already deploy autonomous AI agents with little or no governance. In practice, this means “Shadow AI” is operating like an invisible layer of unofficial employees—handling sensitive data through tools that may not be approved, configured, or monitored by security teams.

The threat is compounded by employee uncertainty. A striking 93% of Singaporean employees say they are unlikely to be able to spot attacks such as deepfakes, with deepfake voice and video described as so realistic that trust becomes difficult. Compared with global figures, Singapore shows a higher likelihood of falling for impersonation scams: 87% of employees admit they could be tricked by deepfake fraud at work.

Cybersecurity leaders also report that AI is already changing operational behaviour. Two in five Singaporean cybersecurity leaders (40%) say AI agents are taking actions autonomously within organisational workflows. While AI adoption is widespread—99% acknowledge using AI in workflows—the governance picture is far weaker, with 44% stating their use is unapproved or ungoverned.

The research also points to a human factor that attackers may exploit. Every leader surveyed (100%) reports that human-related behaviours have affected their organisation’s cybersecurity over the past 12 months. Meanwhile, 67% of employees acknowledge that time pressures and workplace distractions contribute to security mistakes—even when they know the correct procedure.

Related:  Time to revisit your cyber insurance strategy in 2025
Q5. Which one of the following best describes how your organization currently reduces human-related cybersecurity risk? (Base: Cybersecurity Decision Makers, 800)
Source: KnowBe4 2026

A further concern is that staff may be sourcing tools independently. Nearly one in three employees (32%) say they commonly obtain their own agentic AI tools when options are unavailable or restrictive. Consistent with that, 56% of cybersecurity leaders report that unsanctioned software and AI apps have harmed their security posture in the last year.

Even where reporting cultures are claimed to be supportive, the data suggests friction. Although 88% of organisations say employees feel safe to report mistakes, 37% of employees admit they sometimes do not report security problems out of embarrassment.

“Cybersecurity has entered a volatile phase where organisations are trying to secure a hybrid human and AI workforce that’s changing more quickly than security leaders can keep up,” said Dr Kawin Boonyapredee, CISO Advisor at KnowBe4 APJ. The report argues that “wins” require guided systems, reinforced positive behaviours, and a security-first mindset across both AI agents and people.

Related Stories

MORE STORIES