CSA’s 2022 Survey Shows Increase in Respondents’ Perceived Likelihood of Falling Victim to Cyber Incidents and Online Scams

Published on 09 Sep 2023

More respondents enabling 2FA and installing cybersecurity apps but fewer accepting software updates immediately 

     The Cyber Security Agency of Singapore released the key findings of its Cybersecurity Public Awareness Survey 2022 today. The survey polled 1,051 respondents aged 15 years and above on their attitudes towards cyber incidents, mobile and Internet-of-Things (IoT) security. Respondents were also polled on their awareness and adoption of good cyber hygiene practices, such as enabling two-factor (2FA) authentication, updating software promptly and installing cybersecurity apps1

2. The 2022 findings saw an increase in respondents’ perceived likelihood of falling victim to cyber incidents. Six in 10 respondents felt that the likelihood of their computers and/or devices being compromised was high, as compared to about four in 10 respondents in 2020 (see Annex - Chart A). More respondents in 2022 (43%) also perceived that they might fall victim to online scams compared to 32% of respondents in 2020 (Chart B). The older the respondents, the higher the perceived likelihood (Chart C)

3. About one in three respondents (29%) indicated that they fell victim to cyber incidents in 2022, which is a slight drop of three percentage points from 2020 (Chart D). Among the victims, more were younger respondents (15-39 years old), with the percentage dropping to 20% for respondents 55 years old and above (Chart E).

Some improvements in adoption of good cyber hygiene practices but gaps remain  

Awareness of phishing remains largely unchanged

4. Respondents’ awareness of phishing remained largely unchanged, with seven in 10 in 2022 indicating that they know what phishing is (Chart F). When asked to identify phishing emails, seven in 10 respondents were able to correctly identify at least one phishing email shown to them. However, one in four were unable to identify both2. When asked to identify phishing short message service (SMS), nine in 10 respondents were able to correctly identify at least one (Chart G). 

Slight drop in respondents’ ability to identify a strong password

5. Slightly more than half of the respondents were able to identify the strongest password from a list of passwords, a slight drop of two percentage points from 2020 (Chart H)

More respondents enabled two-factor authentication (2FA) 

6. There were increases in respondents who enabled 2FA in messaging accounts, personal emails and social media. 35% of respondents enabled 2FA for all online accounts and apps, an increase from 22% in 2020 (Chart I)

More installed cybersecurity apps

7. Eight in 10 indicated that they have common utility apps (e.g. banking, commerce, transport) installed in their smartphones. Five in 10 installed cybersecurity apps, an increase from four in 10 in 2020 (Chart J). 

Fewer respondents updated software immediately 

8. There was a slight decrease in respondents who accepted their mobile devices’ updates immediately compared to 2020 (27% in 2022 compared to 30% in 2020). Since 2017, there has been a decline in respondents accepting updates immediately as more preferred to continue with their activities and accept the updates later, and to wait for reviews to be out before they decided whether to update or not (Chart K).

Four in five owned and/or used IoT Devices, but less than one in five knew the steps to take to secure them

9. With the increasing ubiquity of IoT devices such as internet routers and smart TVs, 2022’s survey included a new segment on respondents' attitudes towards IoT security. 84% of respondents owned and/or used one or more IoT devices. Almost half of all respondents (49%) expressed moderate to extreme concern about their devices being hacked. Less than one in five of all respondents (17%) indicated that they knew of the steps to secure IoT devices (Chart L). Of the 84% who owned and/or used one or more IoT devices, half indicated that they used an alphanumeric password with at least 12 characters, while about four in 10 said that they changed the default password (Chart M).

CSA to Launch Fifth National Cybersecurity Campaign

10. The survey findings indicate that despite respondents’ higher perceived likelihood about falling victim to cyber incidents and online scams, their adoption of cybersecurity practices has yet to catch up. With insights gathered from the 2022 survey, CSA will be launching its fifth National Cybersecurity Campaign in end-September 2023. Through roadshows, corporate partnerships and publicity on social media and out-of-home platforms, the new Campaign will encourage the adoption of CSA’s four refreshed “Cyber Tips” that members of public can adopt to stay cyber-secure and scam-safe. 

11. Mr David Koh, Chief Executive of CSA, said, “In the digital domain, the threat is constantly evolving and often unseen. Cybercriminals keep devising new scam tactics and new ways to compromise our devices. The amounts lost to these criminals are increasing significantly. The Government will step up efforts to protect our cyberspace and foster cybersecurity literacy. Each one of us must all play our part to adopt good cyber hygiene practices to protect what is precious to us.” 


 1 In the survey, the following were listed as examples of cybersecurity apps: e.g. anti-virus, VPN and web-filter apps.
 2 2022’s survey only asked respondents to identify two phishing emails as compared to 2020’s eight, as 2022’s survey was expanded in scope to ask respondents to identify phishing SMSes as well.


- End -

About the Cyber Security Agency of Singapore 
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg




Report a Cybersecurity Incident

SingCERT encourages the reporting of cybersecurity incidents as it enables us to better understand the scope and nature of cyber incidents in Singapore. This will enable us to issue alerts or advisories on relevant threats, and assist a broader range of individuals and organisations.
Report Incident