SINGAPORE – A recent nationwide cybersecurity drill has exposed a critical vulnerability in corporate defenses, with 17% of over 4,500 employees unknowingly clicking on phishing links. Conducted as part of Exercise SG Ready, this large-scale initiative—led by Nexus, the Ministry of Defence (MINDEF), and the Singapore Business Federation (SBF)—highlighted the urgent need for businesses to strengthen their cybersecurity awareness and response strategies.
Phishing Test Unmasks Security Gaps
Taking place from February 15 to 28, the exercise targeted employees from five key sectors—retail, industrial, consulting and services, environmental-related, and healthcare and medical. During the two-week period, simulated phishing emails mimicking security alerts, internal communications, and account notifications were sent to test employees’ susceptibility to such scams.
The findings were eye-opening:
- 30% of phishing emails were opened
- 17% of recipients clicked on malicious links, 8 percentage points higher than the global average (as per Proofpoint’s 2024 State of the Phish Report)
- Only 5% of employees reported the phishing emails, compared to the global industry average of 18%
The fact that employees fell for internal communication-style phishing emails at the highest rate suggests a false sense of trust in messages appearing to originate from within the company.
Now Open: Pan-India Registration for Scam Reporters & Fraud Investigators!
Cybersecurity: An Equal Threat to SMEs and Large Corporations
A key takeaway from the exercise is that phishing attacks do not discriminate based on company size. Both small and medium-sized enterprises (SMEs) and large corporations recorded similar phishing click rates, highlighting the need for robust cybersecurity measures across all business sectors.
SBF’s chief executive, Kok Ping Soon, emphasized the growing risk posed by sophisticated cyber threats, warning that businesses face financial losses, reputational damage, and potential legal liabilities if cybersecurity awareness remains low.
“We urge all businesses, especially SMEs, to prioritize security training, encourage cyber hygiene, and instill a culture of vigilance among employees,” he said.
Building a Cyber-Resilient Nation
Senior Lieutenant Colonel Psalm Lew, Director of Community Engagement at Nexus, commended the high level of participation in this inaugural phishing exercise.
“These results reinforce the need for a whole-of-society approach to security threats under Total Defence. Agencies, businesses, and communities must work together to strengthen our collective resilience,” he stated.
To bolster cybersecurity readiness, Nexus, MINDEF, and SBF plan to continue working closely with businesses through:
- Ongoing security training programs
- Follow-up phishing exercises to reinforce best practices
- A comprehensive suite of cybersecurity initiatives aligned with the Cyber Essentials Framework
SBF is also collaborating with public and private sector partners to help businesses assess their cyber risk profiles and implement practical security measures to minimize potential breaches.
Final Takeaway: Don’t Let Your Guard Down
The exercise has delivered a clear message: Cybersecurity complacency is a costly mistake. With phishing attacks growing in sophistication, businesses must act now to educate employees, enforce cybersecurity protocols, and foster a proactive security culture. After all, in the digital battlefield, awareness is the first line of defense.