Singapore IT leaders boost AI security defences

Over half of IT leaders (56%) in Singapore ranked artificial intelligence (AI) as one of the top five most beneficial security defences amid increasingly sophisticated cyber threats, up from 47% a year ago, according to a study by KnowBe4.

The shift towards AI-based security is driven in part by the insidious nature of phishing attacks. A staggering 72% of IT professionals in the study mistakenly identified a legitimate email as a phishing attempt, showing that even experienced professionals can find it difficult to discern genuine communications from malicious ones.

While AI is gaining traction, traditional security measures remain important. Network security – including firewalls and intrusion detection systems – and multifactor authentication (MFA) continue to be highly ranked, although their perceived importance has slightly decreased compared with 2024.

Collaboration is also emerging as a key defence strategy, with over half of IT leaders noting the importance of information sharing between organisations, government and law enforcement.

However, the study revealed a concerning trend: despite the growing threat landscape, investment in several crucial security areas is declining. Funding for cyber security awareness training has dropped to 57% from 64% in 2024, marking a consistent downward trend over the past few years.

Investments in new cyber security software, employee policy changes related to cyber security, simulated phishing exercises and cyber security insurance have also decreased. This decline in investment in fundamental security practices is particularly worrying in light of Singapore’s growing digital economy, which accounts for about 18% of the city-state’s GDP.

“With Singapore now ranking as the world’s third most digitally competitive economy, it has become a prime target for increasingly sophisticated cyber threats, making it crucial for organisations to stay ahead by continuously updating their AI-driven security systems and defence software,” said Martin Kraemer, security awareness advocate at KnowBe4.

“As organisations accelerate their digital transformation, technology alone isn’t enough. The rapid rise in cyber attacks targeting Singapore highlights the need for a cyber security strategy that blends AI’s capabilities with human expertise. The most effective defences will combine machine learning with well-trained employees who can recognise, respond to and mitigate emerging threats.

“As AI continues to evolve, businesses in Singapore must strike the right balance – leveraging automation while investing in employee training and awareness to build a truly resilient cyber defence,” he added.

At the recent Garter Security and Risk Management Summit in Sydney, Gartner analysts pointed out some quick wins among the uses of AI in cyber security. These include security testing of in-house code, runtime controls and data masking. Strategic priorities should include data governance, DevSecOps and incident response playbooks.

In security operations, generative AI (GenAI) can help to summarise alerts, producing a risk overview of the attack surface and documenting mitigations. However, these assistants should be evaluated in terms of their ability to improve performance against existing security metrics, not against ad hoc productivity metrics, Gartner warned.

GenAI is also transforming data security programmes as organisations shift their focus towards protecting unstructured data in the form of text, images and videos.

“Many organisations have completely reoriented their investment strategies, which has significant implications for large language model training, data deployment and inference processes,” said Alex Michaels, senior principal analyst at Gartner. “Ultimately, this shift underscores the changing priorities that leaders must address as they communicate the impact of GenAI on their programmes.”