Centre For Cybersecurity Institute Centre For Cybersecurity Institute
Menu
Free 2-minute check

Do I need cyber awareness training for my team?

Eight questions, an honest answer. See where your organisation stands against what Singapore regulators, clients and insurers now expect, and what to do about it.

  1. How many people are in your organisation?
  2. Do your people handle customer, client or patient personal data?
  3. Which best describes your sector?
  4. Has your team had structured security awareness training in the last 12 months?
  5. Do you know your organisation’s phishing click rate?
  6. Any phishing, payment-fraud or malware incident (or near-miss) in the last two years?
  7. Are you pursuing a certification (such as the Cyber Essentials Mark (Singapore, CSA) or ISO 27001), or receiving client security questionnaires?
  8. Does your cyber insurance (or a renewal quote) ask about staff training?

The short answer

If your people use email, approve payments or handle personal data, your organisation already carries the risk this training exists to reduce. Most successful breaches in Singapore start with a person being tricked, not a firewall being defeated: a convincing invoice, a spoofed boss on WhatsApp, a login page that looks right. Technology filters most of it; your team is the control for what gets through.

What Singapore expects of employers

Four expectations do most of the work. The PDPA requires reasonable arrangements to protect personal data, and PDPC decisions repeatedly cite staff training as the baseline arrangement. The Cyber Essentials Mark (Singapore, CSA), the national cyber hygiene certification, expects employees to be equipped as the first line of defence. MAS expects a security awareness programme inside financial institutions. And cyber insurers and corporate clients increasingly ask for training evidence before they will quote, renew or sign.

What good training looks like

Not a click-through module. The evidence from our own engagements is consistent: live sessions with real demonstrations change behaviour in a way slideware does not, and the change is measurable. A strong programme runs live training at least annually, simulates phishing before and after so you get a click rate rather than a feeling, refreshes quarterly because awareness decays, and reports results in a form your board, auditor or insurer can use.

That is how we build the Cyber Safety workshop and the annual awareness programmes, tailored by industry from law firms to energy and industrial teams.

Common questions

Is cyber security awareness training mandatory in Singapore?

No single law mandates it for every company, but the expectations stack up fast: PDPC enforcement decisions treat staff training as a basic protection arrangement under the PDPA, the MAS Technology Risk Management Guidelines expect a security awareness programme in financial institutions, healthcare licensees carry duties over patient information, and the Cyber Essentials Mark (Singapore, CSA) expects employees to be equipped as the first line of defence. For most organisations the practical answer is yes.

How often should employees receive security awareness training?

Annual live training is the accepted baseline, and it is what auditors and insurers ask about. Awareness measurably fades within months, so the strongest programmes add quarterly briefings and phishing simulations between annual sessions.

How much does corporate cyber awareness training cost in Singapore?

With CFCI, live workshops start from S$2,800 (2-hour virtual) or S$5,400 (half-day on site), and annual programmes start from S$19,500 per year. For most organisations that works out to roughly S$65 to S$78 per employee per year, before GST.

Can we use SkillsFuture funding for corporate awareness training?

In-company corporate training like this is engaged directly by the organisation and is not tied to individual SkillsFuture course subsidies. For Malaysian companies, CFCI corporate training is HRDF claimable. Framed per employee, a full annual programme typically costs less than one hour of payroll per person.

Ready to secure your workforce?

Book a 30-minute consultation to scope the right training for your team and your regulatory context.

Chat with us