KnowBe4 Supports Exercise SG Ready 2026
Underscores the Impact of Sustained Security Awareness Training

KnowBe4, the world-renowned platform addressing human and agentic AI risk management, supported the second annual business phishing exercise organised by the Singapore Business Federation (SBF) in partnership with Nexus, Ministry of Defence (MINDEF), and the Digital and Intelligence Service (DIS) as part of this year’s Exercise SG Ready (ESR).
Backed by KnowBe4 and Sekuro, the phishing exercise ran from 1 to 5 February 2026, testing the cyber resilience of nearly 140 businesses, including 25 returning participants. More than 8,500 phishing emails simulating real-world threats were sent to employees across retail, industrial, healthcare, and financial services. KnowBe4 provided customised phishing scenarios reflecting current attack tactics and common email threats. The exercise tracked responses such as email open rates and clicks on phishing links.
Key Findings of KnowBe4
- Open and Click Rates: Approximately 37.5% of phishing emails were opened, similar to last year’s 30%. However, only 7.4% of recipients clicked the phishing link—a marked improvement from 17% in 2025.
- Device Usage: Desktop users accounted for 72.5% of clicks, while mobile users made up 22.4%.
- Internal Trust: Employees were most vulnerable to prompts involving workplace collaboration. Internal communications and file-sharing emails saw click rates of around 11%, compared with 8% for external alerts.
Why This Matters for Singapore Businesses
The decline in click rates is encouraging, but results highlight the need for continuous human risk management. Threat tactics evolve constantly, and reinforcement is vital to ensure secure behaviour becomes instinctive. KnowBe4’s Phishing Industry Benchmarking Report Asia 2025 found that organisations in Asia face an initial 28.6% likelihood of an employee clicking a malicious link. After one year of frequent training, this risk drops by 81.8% to just 5.2%.
“Cyber resilience is not just an IT responsibility—it is a business and national priority,” said Dr Kawin Boonyapredee, CISO advisor at KnowBe4. “While technology provides essential safeguards, human judgement remains the final line of defence. Exercises like this help organisations identify behavioural risk patterns and strengthen them before real threats strike.”
“Phishing emails are becoming far more realistic, and this year’s results show that more can be done to increase employee vigilance,” added Mr Kok Ping Soon, Chief Executive of SBF. “Cyber threats are evolving quickly, and businesses cannot rely on once-a-year training. Continuous vigilance, regular refreshers, and a strong reporting culture are essential to staying ahead. SBF will continue working with MINDEF and our partners to strengthen the cyber resilience of Singapore’s business community.”
For more information on KnowBe4, visit knowbe4.com.
For more information on the Exercise SG Ready, visit https://go.gov.sg/exercisesgready.




