Singaporeans are among the most vigilant globally when it comes to cybersecurity, leading the Asia-Pacific region in multi-factor authentication (MFA) adoption and ranking high in concern over artificial intelligence (AI)-driven threats. Yet nearly half of the workforce continues to engage with phishing attempts, according to a new survey by authentication firm Yubico.

The Global State of Authentication Survey 2025, conducted by Talker Research, polled 2,000 employed adults in Singapore as part of a wider study across nine countries. The findings were released to coincide with Cybersecurity Awareness Month in October.

Awareness vs action

Yubico said 44 per cent of Singapore workers admitted to clicking or interacting with phishing emails in the past year, matching the global average despite higher-than-average awareness levels.

“Awareness alone isn’t sufficient protection,” said Geoff Schomburgk, Vice President for Asia Pacific and Japan at Yubico. “Singapore’s workers face some of the highest breach rates globally, highlighting the critical need for phishing-resistant authentication solutions.”

The survey showed that 89 per cent of Singaporeans are concerned about AI’s impact on account security – the second-highest level worldwide. In addition, 85 per cent said phishing attempts are becoming more sophisticated.

MFA adoption strong but gaps remain

Singapore leads the region in MFA adoption, with 78 per cent of respondents using it for personal accounts. In the workplace, 43 per cent use mobile authenticator applications – nearly double the global average.

However, traditional login practices remain widespread. Around 58 per cent of workers still rely on usernames and passwords for office accounts, while 63 per cent use them for personal logins. Among those who do not use MFA, 43 per cent cited unfamiliarity as the main barrier.

The report also highlighted that one in four Singaporeans have had a social media account hacked, with many disclosing personal information such as email addresses (30 per cent) and phone numbers (23 per cent) during breaches.

Workplace exposure and training

At the organisational level, 60 per cent of Singapore companies deploy MFA across all applications – higher than the global average of 48 per cent but a decline from 68 per cent in 2024.

Meanwhile, 64 per cent of employees reported receiving cybersecurity training, though nearly one in three said they had not been trained. Despite this, 86 per cent felt their company’s security measures were appropriate.

Still, workplace data exposure remains high, with nearly one in five employees revealing work email addresses, full names or phone numbers in phishing incidents.

Implications for Smart Nation

The findings come as Singapore advances its Smart Nation ambitions, where strong cybersecurity is seen as critical to digital transformation.

“Singapore’s position as a regional digital hub makes these findings particularly significant,” Schomburgk added. “Phishing-resistant authentication isn’t just beneficial – it’s essential for maintaining Singapore’s leadership in the digital economy.”

Yubico recommends that businesses expand beyond awareness campaigns to implement hardware-based authentication and other phishing-resistant measures.

The survey was conducted between Aug 15 and 27, 2025, with results based on random double opt-in sampling.