CSA’s Cybersecurity Public Awareness Survey shows that Singaporeans remain concerned about cyber incidents, but there is room for improvement in cyber hygiene

The Cyber Security Agency of Singapore (CSA) released the key findings of the Cybersecurity Public Awareness Survey 2019 today. The survey polled 1,000 respondents between 17 and 23 December 2019 . Conducted annually since 2016, the survey measures public awareness and adoption of cyber hygiene practices, as well as attitudes towards cyber incidents. The 2019 survey also included a new section to study respondents’ understanding of phishing.

The survey revealed that there were high levels of concern for cyber incidents. Most respondents also agreed that everyone has a role to play in ensuring cybersecurity. However, there continued to be room for improvement in respondents’ cyber hygiene. For instance, the majority did not install security applications in their devices despite knowing the risks. Many respondents continued to think that cyber incidents would not happen to them. In addition, respondents faced difficulty in identifying phishing emails. The key findings are as follows:

Difficulty in identifying phishing emails

The 2019 survey made a deeper dive to understand respondents’ awareness of phishing, as it remains a popular way for attackers to target their victims. Although two-thirds of the respondents (66 percent) said that they knew what phishing was, only four percent could identify all the phishing emails correctly. Most respondents (86 percent) were able to identify phishing emails that promise attractive rewards, but fewer were able to identify emails with suspicious attachments (57 percent), emails using urgent/threatening language (55 percent) and emails requesting for confidential information (53 percent) (Chart A).

Marginal increase in Two-Factor Authentication (2FA) adoption rate for online accounts

Overall, the proportion of respondents who activated 2FA for some or all of their online accounts increased from 80 percent in 2018 to 83 percent in 2019.

More respondents knew how to use security apps but less than half installed them

The proportion of respondents who used their mobile devices for online transactions has continued to increase to 80 percent in 2019, up from 73 per cent in 2018 (Chart C).

However, the proportion of respondents who installed security applications in their mobile devices saw only a slight increase from 45 percent in 2018 to 47 percent in 2019 (Chart D). This is despite the fact that majority of the respondents (85 percent) acknowledged the risks of not installing security applications (Chart E).

In 2019, a larger proportion of respondents also indicated that they knew how to use security applications (64 percent in 2019, up from 59 percent in 2018). In addition, about half of the respondents (53 percent) said that they knew which security applications to download, a marginal increase from the 51 percent in 2018 (Chart E).

Improvement in adoption of password security measures

Slightly more than half of the respondents (56 percent) were able to identify a strong password (Chart F). The proportion of respondents who used a combination of letters in upper and lower case, numbers and symbols in their passwords increased from 79 percent in 2018 to 83 percent in 2019 (Chart G). Correspondingly, there was a dip in the percentage of respondents who used passwords that contain personal information – from 13 percent in 2018 to 11 percent in 2019 (Chart G).

Respondents believe that cyber incidents would not happen to them

The survey also studied the prevalence of cyber incidents and respondents’ attitudes and behaviours towards them. About a quarter of the respondents (28 percent) said that they had been a victim of at least one cyber incident in the past 12 months. The most common cyber incidents encountered include unauthorised attempts to access online accounts (14 percent), and the usage of online accounts to contact others without consent (10 percent) (Chart H).

When queried on the actions they took, 68 percent of respondents said that they changed their passwords, 46 percent reported the incident to the relevant organisation, 30 percent installed an anti-virus software, while eight percent of the respondents did not take any action (Chart I).

Majority of respondents showed high levels of concern for cyber incidents, with 82 percent of them expressing moderate to extreme concern that hackers would control their computer illegally, or that others would obtain their financial information without their consent (Chart J).

However, most continued to believe that such incidents would not happen to them. For instance, while 78 percent of the respondents were concerned about falling victim to an online scam or fraud, only 27 percent felt that there was a likelihood that this would happen to them (Chart J).

Similar to previous years’ findings, the majority of respondents (78 percent) agreed that all Singaporeans have a role to play in cybersecurity (Chart K).

"With our increasing reliance on technology, especially amid the COVID-19 pandemic, opportunistic cyber criminals now have a bigger hunting ground. It is important for us to shake off the ‘it will not happen to me’ mindset, stay vigilant, and take steps to protect ourselves online so that we do not become the next victim."

Mr David Koh
Chief Executive, Cyber Security Agency of Singapore (CSA)

The insights gathered from the survey underscore the value of CSA’s continued efforts to raise cybersecurity awareness and promote the adoption of cybersecurity measures. With safe distancing measures implemented amid the COVID-19 pandemic, outreach activities will focus on virtual, print and broadcast platforms. These include television programmes in vernacular languages and dialects, as well as virtual talks and videos targeted at the various audiences. CSA will also launch a Safer Cyberspace Masterplan later this year, which lays out a blueprint to better protect Singaporeans and our enterprises in the digital domain.

Appendix: Charts A to K

About the Cyber Security Agency of Singapore
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions, and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg.

[1]Data was collected via an online survey. The sample of respondents is aligned with Singapore’s population statistics and profile.