SINGAPORE: A cybersecurity exercise jointly conducted by the Ministry of Defence (MINDEF) and the Singapore Business Federation (SBF) has revealed that nearly 20% of local employees clicked on phishing links, almost double the global average. The findings highlight the need for stronger cybersecurity awareness and training among Singapore’s workforce.
The exercise, conducted last month as part of Singapore’s Joint Response Exercise, involved more than 4,500 employees across five sectors, including retail and healthcare. Most of the participating companies were small and medium-sized enterprises (SMEs), which are often more vulnerable to cyber threats due to limited resources for cybersecurity measures.
During the exercise, employees were sent various types of phishing emails designed to test their ability to recognize and respond to cyber threats. The results showed that approximately three in ten employees opened the emails, suggesting a widespread lack of awareness about potential phishing scams.
Of greater concern was the low reporting rate—only about 5% of employees flagged the suspicious emails to their companies. This figure is 13 percentage points lower than the global average, indicating that many employees may not be sufficiently trained to detect and report cybersecurity threats.
Among the different phishing tactics tested, emails that impersonated internal company communications had the highest click-through rates. This suggests that employees are particularly susceptible to emails that appear to originate from within their own organization, underscoring the need for greater vigilance when handling internal messages.
In response to these findings, authorities plan to enhance cybersecurity training and conduct more exercises to help businesses and employees recognize and respond to cyber threats more effectively. The initiative aims to bolster enterprise resilience and reduce the risk of cyber incidents that could disrupt business operations or lead to data breaches.