Generative AI has moved from novelty to necessity in less than five years. Across industries, it is driving new efficiencies and unlocking new opportunities for innovation.
Singapore, in particular, has become one of the most advanced AI hubs in Asia, guided by the National AI Strategy 2.0 and supported by a strong governance framework. Businesses here are eager adopters, and employees are quick to embrace new tools.
But this rapid progress comes with new risks. Adoption has been faster than governance, and gaps are widening. EY’s 2024 survey found that nearly 80% of employees are using AI tools in their work. Many of these deployments are unsanctioned.
This year, ABBYY’s research revealed that over 6 out of 10 Singapore firms face “shadow AI” incidents every month. This outpaces the global average and reflects a broader challenge: organisations are struggling to balance innovation with control.
While enterprises see productivity gains, cybercriminals see opportunity. Across Southeast Asia, attackers are turning the same technology into a weapon. They use AI to automate phishing, bypass defences, and launch targeted intrusions at speed. Whether large corporations or small and medium-sized enterprises (SMEs), all organisations face the same level of risk, though the ability to respond and recover varies.
Enterprises must harness the benefits of AI while preparing for the reality that the same technology is already being used against them.
The expanding risks of AI
Recently, Palo Alto Networks reported that AI-driven security incidents have surged 2.5 times and now account for 14% of all organisational breaches. Attacks that once required advanced expertise are now within reach of less skilled actors. AI has lowered the barrier to entry, making threats faster and harder to stop. Phishing emails can be generated in multiple languages at scale, while malware can adapt automatically to avoid detection.
This escalating threat environment affects organisations of every size. Large enterprises must defend sprawling networks and vast volumes of sensitive data. Smaller businesses often lack the in-house expertise to respond quickly when incidents occur.
In fact, 35% of small organisations rate their cyber resilience as inadequate, according to The World Economic Forum’s Global Cybersecurity Outlook earlier this year.
Preventive measures such as multifactor authentication, firewalls, and staff training require investment, but the cost is minor compared with the fallout of a breach. For SMEs, these expenses can feel prohibitive without incentives or support.
Larger corporations face a different set of pressures, including tighter regulatory scrutiny, reputational damage, and compliance penalties.
What unites all enterprises is the widening gap between perception and reality. Many assume their defences are sufficient, yet AI-enabled attacks prove otherwise. Cybercriminals target both the valuable data of big firms and the weaker entry points of smaller ones, making no distinction in intent.
Securing operations without slowing growth
Enterprises must balance security with agility. Overly strict controls risk stalling innovation, and weak safeguards leave critical systems exposed. A zero-trust model, where no user or device is trusted by default, provides a pragmatic foundation by requiring continuous verification.
Consolidation is also key. Many organisations rely on too many overlapping tools, which increases cost and complexity while reducing visibility. Streamlining into integrated platforms makes management simpler and helps close blind spots. Security should also be embedded at the design stage of projects, not added afterwards. When protection and progress move together, innovation is safer.
Cloud adoption adds resilience. Providers now include strong security features as standard, from encryption to continuous monitoring. Leveraging these responsibly allows enterprises to scale without building everything in-house. However, cloud security is a shared responsibility, requiring clear governance and controls.
For many organisations, Managed Security Operations Centre (SOC) services are becoming an important part of the defensive toolkit. These services provide continuous monitoring, detection, and response capabilities that are difficult for many enterprises to sustain on their own. Smaller businesses can use them to close resource gaps, while larger firms often integrate them to strengthen existing security teams and improve response times.
Protecting the AI stack
As enterprises expand their use of AI, the stack itself has become a target. Attackers poison training datasets, tamper with inference environments, and steal proprietary models. For large corporations, the stakes involve intellectual property and competitive advantage. For smaller businesses, the damage may be to operational continuity or customer trust.
Protecting AI systems requires securing data with encryption, access controls, and audit trails. Models must be tested regularly to detect anomalies that may indicate tampering. Inference environments should be monitored in real time, and version control must allow rapid rollback if compromise occurs.
Resilience depends on scalable defences. Large firms may build dedicated AI assurance teams, while SMEs can turn to managed services for monitoring and threat detection. In every case, AI should be treated as business-critical infrastructure, not an afterthought.
Human oversight is essential. AI can spot anomalies at speed, but it cannot replace strategy and context. Skilled professionals are needed to interpret alerts, validate integrity, and guide responses. The strongest enterprises will combine automation with human expertise to keep AI a trusted enabler.
Building resilience through governance
Technology alone cannot close the gap. Enterprises must also strengthen people, processes, and governance. Clear policies on AI use, ongoing staff training, and exercises to simulate attacks are essential.
Regulation is tightening. In Singapore, the Personal Data Protection Act (PDPA) requires organisations to secure personal data, with fines of up to S$1 million. The Model AI Governance Framework provides guidance on responsible use, while global standards such as the OECD AI Principles set broader expectations.
Aligning with these frameworks altogether ensures compliance and builds trust with customers and regulators.
Resilience also depends on culture. Security should be part of daily operations, not confined to IT teams. When leaders set the tone and employees understand their role, enterprises become better prepared to face AI-driven threats.
AI will continue to transform industries, but it will also drive more advanced cyberattacks. Large corporations must secure complex infrastructures, while SMEs must strengthen resilience with fewer tools. The threat is shared across all enterprises.
The path forward is to embed security into AI adoption from the start, align with governance frameworks, and prepare staff to manage risks. Compliance should be seen as a foundation of trust rather than a burden. By doing so, enterprises can ensure AI remains a tool for growth rather than a weapon turned against them.
