Singapore’s First Coordinated Phishing Exercise for Exercise SG Ready Highlights the Need for Businesses to Strengthen Cyber Resilience
The results of Singapore’s first-ever coordinated phishing exercise, conducted as part of Exercise SG Ready (ESR) 2025, have been released, highlighting a crucial need for businesses to enhance their cybersecurity resilience against phishing attacks. The phishing exercise, co-led by Nexus (Ministry of Defence, MINDEF) and the Singapore Business Federation (SBF), involved nearly 200 businesses—over 80% of which were small and medium enterprises (SMEs).
Key Details of the Phishing Exercise
Conducted over two weeks from February 15 to 28, 2025, the phishing exercise simulated real-world cyber threats by sending various types of phishing emails—such as security alerts, account notifications, and fake internal communications—to more than 4,500 employees across five key industries:
- Retail
- Industrial
- Consulting and Services
- Environmental-related Businesses
- Healthcare and Medical
The exercise measured recipient responses, including email open rates, click-through rates on phishing links, and incident reporting rates.
Key Findings from the Phishing Exercise Report
The ESR 2025 Phishing Exercise Report uncovered several critical insights into how Singaporean businesses respond to phishing threats:
- High Susceptibility to Phishing Emails – Over 30% of phishing emails were opened, and 17% of employees clicked on phishing links, which is 8% higher than the global average. This suggests a significant vulnerability to real-world phishing attacks.
- Low Reporting Rates – Only 5% of employees reported phishing attempts, falling 13% below the global industry benchmark of 18%, underscoring the need for better security awareness and reporting protocols.
- No Significant Difference Between Large Enterprises and SMEs – Click rates between SMEs and larger enterprises were similar, indicating that businesses of all sizes are equally vulnerable to phishing scams.
- Internal Communication Scams Were the Most Effective – Phishing emails mimicking internal communications had the highest click rate, revealing that employees are more likely to trust messages that appear to come from within their organization.
These findings emphasize the urgent need for businesses to strengthen their cybersecurity response plans and reinforce employee training to reduce phishing risks.
Strengthening Cyber Resilience Among Businesses
Commenting on the phishing exercise results, Mr. Kok Ping Soon, Chief Executive of SBF, stated:
“Cybersecurity threats are growing in sophistication, and businesses—especially SMEs—must enhance their security awareness. Phishing attacks can lead to financial losses, reputational damage, and legal liabilities. We urge companies to prioritize security training, adopt cyber hygiene practices, and cultivate a culture of vigilance among employees.”
Similarly, SLTC Psalm Lew, Director of Community Engagement at Nexus, MINDEF, noted:
“We are encouraged by the strong business participation in this first coordinated phishing exercise. The results highlight the importance of a whole-of-society approach to cybersecurity through Total Defence, involving agencies, businesses, and the wider community.”
Next Steps: Strengthening Business Cybersecurity Readiness
To further enhance business cybersecurity resilience, Nexus, MINDEF, and SBF will continue working with local businesses under their Memorandum of Understanding (MOU) on Total Defence for Businesses. This includes:
- Ongoing cybersecurity training programs
- Follow-up phishing exercises to reinforce awareness
- Best practice guidance on phishing prevention
SBF is also collaborating with public and private sector partners to launch a comprehensive suite of cybersecurity initiatives to help businesses implement effective cybersecurity measures. These initiatives align with the Cyber Essentials Framework and provide actionable strategies for mitigating security risks.
Conclusion
The ESR 2025 phishing exercise underscores the growing cyber threat landscape in Singapore and the urgent need for businesses to strengthen their cybersecurity posture. As phishing scams become increasingly sophisticated, organizations must take proactive steps to educate employees, implement robust security policies, and cultivate a cybersecurity-aware culture to mitigate risks.
By enhancing phishing awareness and cyber resilience, businesses can better protect their data, financial assets, and reputation against ever-evolving cyber threats.
Businesses must stay ahead by adopting advanced security measures, training their workforce, and deploying AI-enhanced cybersecurity defenses.
Abatis Technology Ltd provides endpoint security solutions, specialized cybersecurity awareness training and sophisticated threat detection methods.
In Nigeria, our locally deployed Cyber NOC/SOC services provide real-time protection for Nigerian businesses in compliance with NDPR and CBN cybersecurity regulations.