A new study by KnowBe4 has found that more organisations in Singapore are turning to artificial intelligence (AI) to strengthen their cyber defences. The research shows that 56% of IT leaders in Singapore now rank AI as one of the top five most effective tools for preventing cyberattacks, a rise from 47% in 2024.
As cybercriminals refine their tactics, phishing emails are becoming harder to detect, even for experienced IT professionals. The study revealed that 72% of IT decision-makers mistakenly identified a legitimate email as a phishing attempt. This growing challenge has led many organisations to adopt AI-driven security solutions to improve their defences.
Key cybersecurity strategies for organisations
While AI adoption is on the rise, traditional cybersecurity measures remain essential. Network security tools such as firewalls and intrusion detection systems continue to be a top priority, with 60% of IT leaders ranking them among the most effective defences—though slightly lower than the 62% recorded in 2024. Similarly, multi-factor authentication (MFA) remains a key security measure, with 56% of IT leaders supporting its use, down slightly from 58% in 2024.
Collaboration is emerging as another crucial element of cyber defence. Half of the respondents (54%) highlighted the importance of sharing best practices and information about data breaches with businesses, law enforcement, and the government. This marks an increase from 51% in 2024. Encryption of sensitive data remains a priority but has seen a decline in ranking, with 50% considering it essential, compared to 55% last year.
Regular software updates and employee cybersecurity training continue to be recognised as important defences against cyberattacks. However, investment in these areas appears to be waning. The study found that 48% of IT leaders prioritise software patching (down from 50% in 2024), while 47% view employee training as critical (down from 57% in 2024). Despite the role of training in strengthening defences, investment in cybersecurity awareness training has dropped significantly from 64% in 2024 to 57% this year. This decline raises concerns about potential vulnerabilities as cyber threats become more sophisticated.
Security audits and expert consultations remain less common but are gaining traction. Regular security assessments were cited by 46% of IT leaders, up from 40% in 2024, while collaboration with external cybersecurity experts increased to 43%, up from 38% last year.
Dr Martin Kraemer, Security Awareness Advocate at KnowBe4, emphasised the importance of balancing AI with human expertise. “With Singapore now ranking as the world’s third most digitally competitive economy, it has also become a prime target for increasingly sophisticated cyber threats, making it crucial for organisations to stay ahead by continuously updating their AI-driven security systems and defence software,” he said. “As organisations accelerate their digital transformation, technology alone isn’t enough. The rapid rise in cyberattacks targeting Singapore highlights the need for a cybersecurity strategy that blends AI’s capabilities with human expertise. The most effective defences will combine machine learning with well-trained employees who can recognise, respond to, and mitigate emerging threats. As AI continues to evolve, businesses in Singapore must strike the right balance—leveraging automation while investing in employee training and awareness to build a truly resilient cyber defence.”
Cybersecurity investment remains strong but shifting
Despite the growing reliance on AI for cybersecurity, investment in other key security measures is declining. The research found that while overall cyber spending remains high, with 87% of organisations planning to invest in cybersecurity in 2025—consistent with 2024 figures—funding for specific security initiatives has decreased.
Some of the most notable reductions in funding include:
- Cybersecurity awareness training: 57% plan to invest, down from 64% in 2024.
- New cybersecurity software: 51%, down from 61% in 2024.
- Employee policy changes related to cybersecurity: 46%, down from 55% in 2024.
- Simulated phishing and social engineering training: 45%, down from 49% in 2024.
- Cybersecurity insurance: 39%, down from 50% in 2024.
Dr Kraemer warned against cutting back on fundamental security measures. “Our research reveals the increased adoption of advanced technology, which is encouraging, however the declining investment in fundamental security measures like awareness training is concerning. The key to effective cyber defence lies in striking the right balance between AI-powered offerings and human-centred security practices. That is why honing critical thinking skills by utilising security awareness training is more important than ever,” he said.
As cyber threats continue to evolve, Singaporean businesses must ensure they invest in both AI-driven defences and human expertise to protect against increasingly sophisticated attacks.
