CSA’s 2024 Cybersecurity Public Awareness Survey Shows an Improvement in the Adoption of Cyber Hygiene Practices

The Cyber Security Agency of Singapore released the key findings of its Cybersecurity Public Awareness Survey 2024 today. The survey polled 1,050 respondents aged 15 years and above on their attitudes towards cyber incidents, mobile and Internet-of-Things (IoT) security, and deepfakes. Respondents were also polled on their awareness and adoption of good cyber hygiene practices, such as enabling 2FA, updating software promptly and installing cybersecurity apps[1].

2. The 2024 survey saw a slight drop in respondents’ perceived likelihood of falling victim to various cyber incidents. 57% of respondents perceived that their computers and/or devices were likely to be compromised by viruses or malware, a slight drop from 60% in 2022. About four in 10 respondents (38%) perceived themselves to be at risk of falling prey to online scams, down from 43% in 2022 (see Annex A - Chart A).

3. About three in 10 respondents (26%) indicated that they fell victim to at least one cyber incident, a slight drop from 30% in 2022. Of these, 60% were youths and young working adults aged 15 to 44, while 40% are aged 45 and above (Chart B).

 Increase in Phishing Awareness

4. Respondents also reported a higher rate of awareness of phishing, with 80% indicating they know what phishing is, up from 72% in 2022 (Chart C). While two-thirds of respondents (66%) could correctly identify all phishing content, an increase from 38% in 2022, only about one in 10 (13%) could accurately distinguish between all phishing and legitimate content in 2024 (Chart D). More than eight in 10 respondents successfully identified phishing content comprising text messages, emails and websites, compared to less than five in 10 for legitimate content. Of this, younger respondents aged 15 to 24 were less able to identify phishing emails. (Chart E).

More Users Installing Cybersecurity Apps, Updating Software Promptly, and Enabling 2FA Compared to 2022

Improvement in awareness and installation of cybersecurity apps

5. Close to nine in 10 respondents (88%) recognise that not installing cybersecurity apps is risky. Respondents’ awareness of which apps to download has improved, increasing from 46% in 2022 to 65% in 2024 (Chart F). More respondents also installed security apps in 2024, with 63% of respondents having at least one cybersecurity app installed, up from 50% in 2022. Of these, the most significant increase was seen in respondents aged 45 and above (from about 45% in 2022 to over 70% in 2024), while installation rates among younger users aged 15 to 44 remained relatively unchanged at about 55% (Chart G). Among those with cybersecurity apps, scam blockers (e.g., ScamShield App) were most-widely installed.

More respondents updated software immediately and enabled 2FA

6. There was an increase in respondents who accepted their mobile devices’ updates immediately (36% in 2024 compared to 27% in 2022). However, 32% of respondents still preferred to continue their activities before accepting updates, down slightly from 37% in 2022. Those who did not update their devices remained low at 3%, compared to 4% in 2022 (Chart H).

7. The adoption of 2FA, a key security measure for protecting online accounts, saw an increase, with four in 10 respondents (41%) enabling it for all their online accounts and apps, up from 35% in 2022 (Chart I).

Room for Improvement in Deepfake Detection and IoT Security

Eight in 10 confident in identifying deepfakes, however only one in four able to distinguish between real and fake video content

8. With the rising prevalence of deepfakes in the digital space and their potential for misuse in scams, the 2024 survey included a new segment to understand respondents’ awareness and ability to detect deepfakes. About six in 10 respondents (63%) indicated that they had heard about deepfakes, with more than one in four (27%) having encountered deepfake scams. About eight in 10 respondents (78%) expressed confidence in identifying deepfakes (Chart J), citing suspicious content and unsynchronised lip movements as common verification methods. However, when tested on their ability to identify deepfake and legitimate videos, only one in four respondents (25%) could distinguish between both types of videos (Chart K).

Two in 10 are at risk of falling victim to malware scams through pop-up ad clicks

9. As malware scams increasingly target users through malicious URL links embedded in unsolicited pop-up ads, the survey examined respondents’ behaviour towards such third-party app download prompts. When asked if they had clicked on pop-up ads to download third-party apps in the past 12 months, 80% of respondents said they did not. However, 10% reported clicking on such ads, hence putting themselves at risk to malware scams. Another 10% were unsure if they had done so (Chart L).

 More respondents taking steps to secure their IoT devices

10. About half of respondents (49%) expressed moderate to extreme concern about their IoT devices being hacked, unchanged from 2022. However, only close to three in 10 (27%) indicated they knew the steps to secure IoT devices (Chart M). Still, the survey found that more respondents were taking steps to secure these connected devices. Among those who owned and/or used IoT devices (870 respondents), nearly half (47%) changed their default password settings, up from 38% in 2022. More users are also installing software and device updates promptly, increasing from 31% in 2022 to 43% in 2024, while 40% implemented encryption for secured communication, up from 28% in 2022 (Chart N).

SG Cyber Safe Programmes for Seniors and Students

11. Since the launch of CSA’s SG Cyber Safe Seniors programme in 2021, CSA has worked closely with Infocomm Media Development Authority’s SG Digital Office, through its Digital Ambassadors, to reach out to over 210,000 seniors. CSA also works with banks and other community partners to educate seniors on how to stay cyber safe. With support from People’s Association, CSA runs the Be Cyber Safe workshops at community centres, where seniors learn how to use digital apps safely with guidance from students as well as volunteers from community networks.

12. CSA partners the Ministry of Education to develop resources for educators and students on online dangers and steps to protect themselves. A mobile Be Cyber Safe Pop-Up as well as drama skits and school talks have been conducted to support schools in cybersecurity education. Since 2024, CSA, in partnership with Microsoft, rolled out the Minecraft Education cybersecurity workshops to almost 1,300 primary and secondary school students to encourage adoption of good cyber hygiene practices through gamification.

CSA to Launch Sixth National Cybersecurity Campaign

13. Building on these outreach efforts, CSA will launch its sixth National Cybersecurity Campaign in September 2025 to further raise adoption levels. With insights gathered from the 2024 survey, the new campaign will highlight the importance of cybersecurity practices such as installing security apps, enabling 2FA, and updating software regularly. The campaign will also comprise roadshows, corporate partnerships, talks, with posters and videos running on various social media and out-of-home platforms.

14. Mr David Koh, Chief Executive of CSA, said, “While the survey shows some improvement in the adoption of cyber hygiene measures, we also see that respondents struggle to distinguish between phishing and legitimate messages and videos. With cyber criminals constantly devising new scam tactics, we need to be vigilant, and make it harder for them to scam us. Always stop and check with trusted sources before taking any action, so that we can protect what is precious to us."

About the Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes.

CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg.

For media queries, please contact:

 Alvin Ho

Assistant Manager, Communications & Engagement Office

Email: Alvin_HO@csa.gov.sg 

[1] In the survey, the following were listed as examples of cybersecurity apps: e.g., anti-virus, malware removal, and scam blockers.