Singapore’s rapid adoption of all things digital has made it a global capital in the AI race in recent years. Ironically, the expediency that the city-state adopts the latest and greatest technologies could also make its people vulnerable to cyber threats that target what is usually a strength.
“We are used to acting quickly, trusting digital systems, and responding immediately to messages, approvals, and transactions,” says Pamela Ong, country manager of Singapore and Asia of cybersecurity firm ESET.
“Attackers understand this very well,” she notes. “Increasingly, they are exploiting urgency, convenience, and trust rather than technical weaknesses.”
The fast adoption of AI has also made people readily trust the new technologies, such as agents that can analyse huge chunks of their data and take actions on their behalf.
“We are seeing individuals and organisations freely sharing health records, financial documents, and confidential business information with AI platforms, often without understanding where that data goes, how it is stored, or who may ultimately have access to it,” says Ong.
“The speed of AI adoption is precisely what makes it dangerous,” she adds, in this month’s Q&A. “When people are excited about new technology, caution takes a back seat.”
NOTE: Responses have been edited for brevity and style.
Q: How would you define cyber literacy in our AI age?
A: Broadly speaking, cyber literacy is the ability to understand the digital world, including, navigating and how to use technology safely, responsibly, and effectively. In our AI age today, this extends to critically evaluating what to trust in an environment where almost anything can be faked.
In the past, many cyber threats were easier to spot. Poorly written scam e-mails, suspicious links, or obvious warning signs often triggered human instinct. But AI is changing that. Today, scams, phishing attempts, and even fake identities can appear highly convincing and personalised at scale.
For most people, cyber literacy now means developing digital judgment. It is the ability to pause, question authenticity, verify information, and recognise that not every polished message, voice note, image, or urgent request is genuine.
This shift has implications beyond consumers. In businesses, cyber literacy is becoming an operational resilience issue. A single employee approving a fake invoice, clicking on a manipulated document, or trusting an AI-generated impersonation can disrupt operations, expose sensitive data, or damage customer trust.
People need to be far more cautious and deliberate about what they trust, especially when money or sensitive information is involved. If a request feels urgent or routine, it should always be verified independently through another channel.
Q: In what ways do you think people in Singapore are cyber literate and how can they improve?
A: Singapore is actually one of the more digitally mature societies in the region. Most people are comfortable using different platforms that range from digital banking to e-commerce platforms even to online collaboration tools in their daily lives.
That level of digital adoption already reflects a baseline level of cyber awareness and confidence. Public awareness of scams and phishing is high and people are more familiar with basic cyber hygiene than they were a few years ago.
National efforts such as the SG Cyber Safe Students Programme, Digital for Life, and Seniors Go Digital have also helped broaden digital awareness across different segments of society.
The challenge today is that cyber literacy is no longer keeping pace with how quickly AI is changing the threat landscape.
One major gap is that many people still associate cyber threats with “obvious danger”, like scams and phishing, but that does not always translate into good decisions under pressure.
Modern attacks increasingly look legitimate and emotionally believable deepfakes are a good example. People may know what they are in theory, but that is very different from spotting one in the moment when it appears to come from a trusted person or source.
In Singapore especially, our efficiency-driven culture can sometimes work against us. We are used to acting quickly, trusting digital systems, and responding immediately to messages, approvals, and transactions. Attackers understand this very well. Increasingly, they are exploiting urgency, convenience, and trust rather than technical weaknesses.
Another area for improvement is moving beyond awareness into behaviour. Many people know scams exist, but in stressful or rushed situations, human instinct can still override caution. Cyber literacy therefore cannot just be theoretical knowledge. It must become a daily habit of verification.
Simple practices can make a meaningful difference include pausing before reacting to urgent digital requests, independently verifying payment instructions or unusual and maintaining healthy scepticism even toward polished or familiar-looking communications.
Ultimately, cyber literacy in Singapore should evolve from “knowing scams exist” to understanding how AI is reshaping human trust online. That mindset shift will be critical in the years ahead.
Q: People everywhere are rushing to adopt AI and many are sharing sensitive data, from medical reports to professional work, with AI agents. What are the dangers involved today and how can people be made more aware of the risks?
A: The speed of AI adoption is precisely what makes it dangerous. When people are excited about new technology, caution takes a back seat.
We are seeing individuals and organisations freely sharing health records, financial documents, and confidential business information with AI platforms, often without understanding where that data goes, how it is stored, or who may ultimately have access to it.
What concerns me most right now is the rise of agentic AI, which are systems that do not merely respond to a prompt, but autonomously take actions on a user’s behalf.
Unlike a simple chatbot, an agentic AI can browse the Web, send e-mails and interact with third-party services – all with minimal human intervention. To do this effectively, these agents require access to sensitive data such as your calendar, your inbox, your documents and your credentials.
As a result, AI agents can be very capable assistants and increase productivity immensely, which can create over-reliance. This rise in productivity could lead people to share more than they should or act without proper verification.
The attack surface is no longer just “what data did I share in a chat window.” It is every system that agent is connected to.
A compromised or poorly designed agentic AI can exfiltrate data, make unauthorised transactions, or be manipulated through a technique called prompt injection – where malicious instructions are embedded in content the agent reads, causing it to act against the user’s interests without them ever realising it.
So, individuals need to grant AI agents only the permissions they strictly need, review what systems they are connected to, and never assume that because a tool is convenient it is safe.
Businesses must treat agentic AI deployments with the same rigour as any privileged system. Enforce least-privilege access controls, audit agent activity logs, and ensure employees understand that an AI agent acting on their behalf carries the same accountability as the employee themselves.
