Singapore workers fear deepfake scams & weak AI oversight

KnowBe4 has published research showing widespread concern among Singapore workers about deepfake scams and weak oversight of workplace AI tools. The survey found that every organisation covered had faced a human-related cyber incident in the past year.

The study drew on responses from 200 employees and 50 security decision-makers in Singapore, as part of a wider global survey of 4,000 professionals at organisations with at least 250 employees. It examined the growing overlap between employee behaviour, AI use, and workplace security risk.

Among employees surveyed in Singapore, 93% said deepfake voice and video content is now so realistic that it is hard to know what to trust. Another 87% said they could be tricked by a convincing impersonation scam at work.

Those figures were higher than the global averages cited in the research, at 86% and 64%. The findings suggest that workers in Singapore feel especially exposed to AI-driven deception as fake audio and video tools become more convincing.

AI oversight

The research also pointed to gaps in how organisations control AI use in everyday work. While 99% of organisations surveyed said they use AI in workflows, 44% said that use is unapproved or ungoverned.

At the same time, 40% of Cybersecurity Leaders said AI agents are already taking autonomous actions inside organisational workflows. In a significant minority of workplaces, software tools are making or triggering decisions without direct human intervention.

The survey also found that 32% of employees commonly source their own agentic AI tools when approved options are unavailable or too restrictive. Separately, 56% of Cybersecurity Leaders said the use of unsanctioned software and AI apps had affected their security posture over the past 12 months.

The research also highlighted a disconnect between management confidence and employee self-assessment. It found that 88% of leaders were confident employees could identify impersonation messages sent through internal tools, while 74% were confident staff could identify deepfake voice and video content.

That confidence contrasted with employee responses showing widespread uncertainty about spotting manipulated media. The gap matters because internal messaging systems and collaboration platforms are now common channels for scams designed to mimic colleagues or senior executives.

Human factor

All leaders surveyed said human-related behaviours had affected their organisation's cybersecurity during the previous 12 months. The report linked that exposure not only to deception, but also to routine workplace pressures.

Two-thirds of employees, or 67%, said time pressure and distractions at work lead them to make security mistakes even when they know the correct procedure. The data suggests security lapses are often tied to day-to-day working conditions rather than a simple lack of awareness.

The study also raised questions about whether employees feel comfortable disclosing problems when they happen. While 88% of organisations said employees feel safe reporting mistakes or suspicious activity without fear of blame or embarrassment, 37% of employees said they sometimes choose not to report a security mistake because they feel embarrassed.

That mismatch suggests some organisations may overestimate the openness of their reporting culture. In practice, delayed or absent reporting can make it harder for security teams to contain phishing incidents, credential theft, or unauthorised software use before they spread.

In a statement accompanying the findings, Dr Kawin Boonyapredee, CISO Advisor, KnowBe4 APJ, said: "Cybersecurity has entered a volatile phase where organisations are trying to secure a hybrid human and AI workforce that's changing more quickly than security leaders can keep up."

He added: "Attackers are moving at machine speed, using attacks such as deepfakes to target employees and prompt injections to hijack AI agents. Leaving nearly half of your corporate AI usage ungoverned is a massive open invitation to threat actors."

The results come as companies in Singapore and elsewhere test AI tools across internal operations, customer service, software development, and administrative tasks. As those systems become more embedded in routine workflows, the distinction between human error and system risk is becoming harder to separate.

The Singapore sample was relatively small, but it offers a snapshot of how workers and security leaders view the issue. Its central finding is that organisations are dealing with two linked problems at once: staff who doubt they can reliably detect deepfake deception, and AI adoption moving ahead faster than governance.

For companies, that combination raises the risk that a fake message, manipulated call, or unapproved AI tool could become an entry point into core systems. In the Singapore responses, every organisation surveyed reported some form of human-related cyber impact over the past year.