Singapore organisations are increasingly viewing AI as their biggest data security concern, as automated systems are increasingly used in corporate environments, according to a study by security firm Thales.
Seventy-six per cent of respondents across various sectors in the Republic, a leading proponent of AI, flagged AI as their top data security risk.
The speed of AI-driven transformation doesn’t only cause malicious use, but AI is increasingly being treated like a trusted insider with broad, automated access to enterprise data, the respondents in Singapore said in the study released last week.
“Insider risk is no longer just about people. It is also about automated systems that have been trusted too quickly,” said Sebastien Cano, senior vice-president for cybersecurity products at Thales.
He warned that weak identity governance, access policies, or encryption can be rapidly amplified by AI across corporate environments.
While Singapore organisations recognise the need to adapt, the report suggests that investments are not keeping pace with the new risks.
Forty-one per cent of Singapore firms surveyed have allocated a budget for AI security, a figure higher than the global average of 30 per cent.
However, 43 per cent still depend on traditional security programmes built mainly for human users and perimeter-based controls, which Thales says is not aligned with a future where machines will authenticate, access, and act autonomously.
“The real risk isn’t innovation, but failure to modernise security alongside it,” said said Garen Ling, area vice-president for application security and data security for Asean at Thales.
“AI doesn’t just increase access; it changes who and what is accessing your systems,” he noted. “We need to focus less on the perimeter and more on securing the data wherever it sits.”
The Thales report also showed a gap between AI adoption and data control. Just 28 per cent of organisations know where all their data resides, with 37 per cent able to classify it. Another finding is that 48 per cent of sensitive cloud data is unencrypted.
Thales also highlighted that identity infrastructure is now the primary attack surface, with credential theft being the top attack technique in cloud environments, with 71 per cent of organisations experiencing cloud attacks.
A top application security challenge cited by 40 per cent of organisations is secrets management. This, says Thales, reflects the growing complexity of governing machine identities, API (application programming interface) keys, and tokens at scale.
The report also points to more convincing AI-driven cyber attacks. Fifty-three per cent of companies have seen deepfake-driven attacks, and 46 per cent have experienced reputational damage related to AI-generated misinformation or impersonation campaigns.
Beyond introducing new risks, AI also increases existing ones, noted the report. Human error already contributes to 28 per cent of breaches, and the addition of automation means that mistakes can scale faster and spread wider.
