A STRONGER HUMAN FIREWALL

Cyber incidents in Singapore SMEs rarely begin with a technical exploit — they begin with human behaviour. As scam losses rise, PDPAenforcement strengthens, and digital adoption accelerates, Singapore SMEs face increasing exposure to cyber risks driven by human error.

A Jan 2022 World Economic Forum report highlighted that 95%of cyber incidents are caused by human error. Singapore’s context mirrors this risk: phishing, scams, and ransomware incidents have escalated dramatically over the 2020-2025 period, with employees remaining a key vulnerability. 

This article explains why the Human Firewall matters and how SMEs can build strong cyber‑safe habits across their teams.

1. SME Cybersecurity starts with people – Strengthen your Human Firewall today

Singapore’s cyber landscape is evolving rapidly, shaped by three main drivers:

• Rapid SME digital adoption

Singapore SMEs are digitalising their business operations rapidly, accelerated over the Covid period of 2020-2022. Cyber hygiene knowledge and practices need to catchup and lead such digital adoption trends.

• Rising scam and cybercrime losses

Singapore has seen a consistent rise in phishing attempts and ransomware campaigns, with phishing attempts alone increasing substantially in the recent 5 years to 2025.Scam losses hit SGD 456.4 million in the first half of 2025. This should not be surprising if our employees and the general public have not strengthened their cyber hygiene habits sufficiently to cope with the increased threats.

• Stronger enforcement actions

The Personal Data Protection Act came into effect in 2014. Since then, the PDPC has documented data breach cases that have been investigated. Common gaps continue to surface time and again. In recent years, the Ministry of Social and Family Development has implemented the Data Security instructions for stakeholders operating within its ecosystem. Earlier this year, the Ministry of Health has published the Health Information Bill, to strengthen data security in the healthcare sector. It is likely that such an approach would gradually be expand into other areas, and accordingly a stronger enforcement regime is not unexpected.

• People – more than ever – determine whether an SME gets breached

Despite stronger firewalls, encryption, and AI‑powered tools, one fact remains unchanged – the human weakness is a major factor in data breaches:

2.  A Weak Human Firewall - Why SMEs Are Most Vulnerable

Most cyber incidents begin with simple, behaviour lapses:

•  Clicking phishing links

•  Trusting impersonation calls or fake SMSes

•  Sharing passphrases or using weak ones

•  Mishandling personal or customer data

•  Ignoring software updates

•  Connecting to unsecured Wi‑Fi networks

SMEs face additional challenges:

•  Staff juggle multiple roles and responsibilities

•  Cybersecurity is not their primary focus

•  tTaining is infrequent or outdated

•  Policies exist but are not reinforced

•  Attackers know SMEs have fewer layers of defence

3.  The five (5) Most Common Human Errors in SMEs

These are behaviour failures, not technical failures:

•  Phishing clicks — still the #1 cause of breaches

•  Weak or reused passphrases — easily guessed by automated tools

•  Mishandling data — wrong recipients, unsecured storage, unprotected files

•  Unsafe device practices — outdated software, no screen lock

•  Public Wi‑Fi usage — attackers intercept traffic easily

4.  Understanding the Psychology Behind Cyber Attacks

Cybercriminals don’t just exploit systems — they target people such as you and I.

They target our psychological triggers such as:

• Urgency —“Your bank account will be frozen in 2 hours.”

• Authority— “This is the Singapore Police Force. We investigate scams.”

• Fear —“You may be charged with money laundering.”

• Anxiety —“Your parcel is delayed — click to track.”

• Greed —“Flash deal – 90% off Musang King durians.”

These tactics bypass logic and trigger your emotions

5.  Singapore Case Study: An SPF/Anti-Scam Centre Impersonation Scam

Typically, the following sequence plays out:

The caller (normally video call so you can see the caller's uniform and the background) claims:

• your bank account has been compromised
• you are under investigation
• immediate action is required to avoid prosecution
  

The scammer then uses:

• fear — “You may be arrested if you don’t cooperate.”
• authority — “I am from SPF, this is official.”
• urgency — “You must follow my instructions now.”
  

Victims are instructed to:

• provide banking details
• transfer funds “for verification”
• install remote access apps
• isolate themselves from family
• avoid speaking to anyone else

Itis pure psychological control — and it works because it feels local, official, and urgent. So, if the Human Firewall is weak, such cases will only increase.

6. The RAYN StaySecure LEARN Solution for the SME in 2026

To strengthen your Human Firewall, SMEs need a structured, distributed, sustainable learning approach.

• Heighten Awareness.  Staff must understand the threats they face daily — phishing, scams, impersonation, data mishandling and how these unfold in daily life
• Change Behaviour.  Awareness is useless unless it translates into action
• Build Good, Sustainable Cyber Habits.  Cyber‑safe behaviour must become automatic, not optional or contrived
• Build Strong Cyber Culture.  By going through the same learning journey as the staff, SME leaders and champions become good and inspiring role models for the staff
• Reinforcement.  Short, frequent reminders keep security top‑of‑mind

7.  Five (5) practical ways for SMEs to strengthen their Human Firewall

The SME may focus on these 5 simple areas:

• Micro‑Learning Over Annual Training.  Short, frequent lessons outperform long, one‑off sessions
• Leadership Modelling.  Staff follow what leaders do, not what policies say. So be a good role model for the staff
• Clear Reporting Channels.  Staff must feel safe to report suspicious activity — especially scams involving authority figures
• Regular Reinforcement.  Weekly reminders, posters, micro‑videos, and quizzes
• Simple, Actionable Rules.  Remove complexity; make cyber hygiene easy to live daily

8.  Conclusion – The Human Firewall is your strongest defence

Technology is essential but it cannot compensate for human behaviour. Cybersecurity is no longer an IT issue. It is a people issue. And SMEs that invest in their people gain a powerful competitive advantage. Remember – A strong and sturdy Human Firewall:

• reduces incidents
• protects customer trust
• strengthens compliance
• builds a resilient culture
• empowers staff to act safely