CSA’s 2018 Survey Shows That Cybersecurity Awareness Remains High, Though Adoption of Cybersecurity Practices Needs to Be Improved

11 Sep 2019

The Cyber Security Agency of Singapore (CSA) released the key findings of the Cybersecurity Public Awareness Survey 2018 today. The survey polled 1,105 respondents aged 15 years and above between 14 and 24 December 2018[1]. Conducted annually since 2016, the survey measures public awareness and adoption of cyber hygiene practices. The 2018 survey also studied respondents’ attitudes and behaviours towards cyber incidents.

The 2018 survey found that awareness of cyber incidents remains high. The majority of respondents agreed that all Singaporeans have a role to play in ensuring cybersecurity. There was also a marked improvement in the adoption rate of Two-Factor Authentication (2FA) for all online accounts. However, the survey revealed several areas for improvement. Even though more respondents are using their personal mobile devices for online transactions, a lower proportion of them installed security applications in their devices, despite knowing the risks of not doing so. In addition, while the majority of respondents showed a high level of concern for cyber incidents, they did not think that such incidents would happen to them. Key findings are as follows:

Improvement in 2FA adoption rate for all online accounts

The proportion of respondents who have enabled 2FA for all of their online accounts saw a 10 percentage point increase to 36 percent, up from 26 percent in 2017. (Chart A)

Lower proportion of respondents installing security apps and promptly updating software 

The proportion of respondents who use their personal mobile devices for online transactions has increased steadily – 73 percent in 2018, up from 64 percent in 2017 and 51 percent in 2016. (Chart B

However, the proportion of those who installed security applications in their mobile devices fell from 53 percent in 2017 to 45 percent in 2018. This is despite the fact that a large proportion of them acknowledged the risks of not installing security applications (84 percent) and knew how to use security applications (59 percent) and which application to download (51 percent). (Chart C) and (Chart D)

When it comes to updating software on their mobile devices, four in five respondents (80 percent) updated their software in 2018, a slight decrease from 83 percent who did so in 2017. Only 50 percent of respondents who updated their software did so immediately when it was available, down from 55 percent in 2017. (Chart E)

Lack of knowledge on using secure password

Only one in three respondents (35 percent) could identify a strong password, a decrease from 45 percent in 2017. Older respondents above 55 years old were the least likely to be able to identify a strong password. (Chart F)

The majority of respondents had not switched to 12-character passwords. Only 24 percent of them had at least 12-character passwords for online accounts. (Chart G)

Need for continued vigilance to guard against cyber incidents

Besides measuring public awareness and the adoption of cyber hygiene practices, the 2018 survey also studied the prevalence of cyber incidents and respondents’ attitudes and behaviours towards them. Close to half (48 percent) of respondents had experienced at least one cyber incident in the past 12 months. More than one in three of them (36 percent) singled out advertisement pop-ups after browsing websites online as the most common cyber incident. Persistent pop-ups are a common sign of malware infection. (Chart H)

Responses to a cyber incident were varied - 66 percent changed their passwords, 44 percent reported the incident to the relevant organisation, 36 percent installed an anti-virus software, and 10 percent of respondents did not take any action. (Chart I)

While respondents showed high levels of concern for cyber incidents, they believed that such incidents would not happen to them. For instance, 80 percent of respondents were concerned about falling prey to online scams and fraud, but only 30 percent of them felt that there was a likelihood that this would happen to them. (Chart J)

Notably, the majority of respondents (78 percent) agreed that all Singaporeans have a role to play in cybersecurity, a slight increase from 75 percent in 2017. (Chart K)

Mr David Koh, Chief Executive, CSA, said, “The survey shows that while Singaporeans are concerned about cyber threats and agree that they have a role to play, most believe that they are not the target of cyber criminals. Cyber threats are part and parcel of the digital age, and cyber-attacks will only increase. No one is immune. We need to improve our cyber hygiene so that we do not lose our hard-earned money and our precious data to cyber criminals.”  

With insights gathered from the 2018 survey, CSA will be launching its Go Safe Online 2019 campaign in September. The campaign will focus on raising awareness of the personal consequences of cyber-attacks and the measures that users should take to protect themselves. A launch event will be held from 14 to 15 September 2019, at Ang Mo Kio Central Stage. Visitors can get tips on how to set strong passwords, spot signs of phishing and install anti-virus software through fun and interactive activities.

Related Resource: Appendix

About the Cyber Security Agency of Singapore
The Cyber Security Agency of Singapore (CSA) provides dedicated and centralised oversight of national cyber security functions and works with sector leads to protect Singapore’s critical services. It also engages with various industries, and stakeholders to heighten cyber security awareness as well as to ensure the holistic development of Singapore’s cyber security landscape. The Agency is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information.


[1] Data was collected via an online survey. The sample of respondents is aligned with Singapore’s population statistics and profile.