Almost half (46%) Singaporean IT decision makers are struggling to identify a scam or phishing email, according to new research from KnowBe4.
This study was conducted online between the 13th – 17th January 2025. The sample comprised 202 Singaporean IT decision makers across industries.
YouGov designed the questionnaire. The majority of respondents were from large organisations or those with more than 1,000 employees.
The research suggests that phishing attacks are becoming more sophisticated and confusing, with results revealing that 72% of IT leaders incorrectly identified a real email as a scam/ phishing email.
While just over half (54%) correctly identified another email example as a scam/phishing, two in every five (39%) thought it was legitimate and 7% said they weren’t sure.
Despite this confusion in identifying fake emails, fewer IT decision makers than in 2021, 2022 and 2024 say they are concerned about phishing and business email compromise (BEC) as a risk to their organisation (36%).
The results also reveal a decline in cybersecurity responsibility, with only a third (36%) of individuals believing that protecting their organisation from cyber threats is a shared responsibility — down from 40% in 2024, 60% in 2022, and 46% in 2021.
This steady decline marks a continued year-on-year decrease in individual accountability and highlights a growing challenge for organisations, as a lack of collective ownership could leave businesses more vulnerable to attacks.
BEC “remains one of the most financially damaging cyber threats facing Singapore organisations today with the country’s high digital connectivity and its role as a global financial and business hub. These latest insights are deeply concerning, as organisations see a decline in individual accountability for cybersecurity, the risk of BEC attacks only grows”, said Martin Kraemer, security awareness advocate at KnowBe4.
When thinking about how their organisation is protected from cyber-attacks, the data reveals a growing shift in cybersecurity responsibility, with more organisations placing the burden on IT teams (47% — up from 42% in 2024, 25% in 2022 and 34% in 2021).
Over two in five believe that responsibility lies with the government (42% — up from 37% in 2024, 14% in 2022 and down from 25% in 2021) rather than individual employees.
Meanwhile, only three in 10 employees recognise their own role in cybersecurity, signaling a declining sense of individual accountability (31% — up from 28% in 2024, 23% in 2022 and 24% in 2021).
Furthermore, just one in five (19% — down from 24% in 2024, 25% in 2022 and 28% in 2021) say there is technology that should be protecting the organisation from cyber-attacks, and this has continued to decline since 2021.
An overwhelming 89% of respondents believe the government should be doing more to protect businesses from cyber-attacks — marking a significant increase from 84% in 2024, 72% in 2022, and 71% in 2021.
Key areas of demand include greater public education and awareness on cyber risks and how to stay safe online (61% — up from 48% in 2024 , 48% in 2022 and 44% in 2021) increased funding to help Singaporean businesses for cyber protection (51% — up from 40% in 2024, 42% in 2022 and 40% in 2022) providing more training for Singaporean businesses on cyber risks (52% – down from 54% in 2024, 42% in 2022 and 47% in 2022).
This sharp rise in expectation highlights the urgent need for stronger government-led initiatives to support businesses in navigating today’s increasingly complex cyber landscape.
“The findings underscore the urgent need for companies to reinforce a culture of cybersecurity awareness and shared responsibility to mitigate cyber threats,” said Kramer.
Kramer added that generative AI tools are rapidly making phishing emails more dangerous for organisations being more advanced, frequent and harder to spot.
