Deepfakes and AI-enabled impersonation are no longer emerging risks – they are already testing how Singapore companies authenticate payment instructions and release funds. Recognising this, the Singapore Budget 2026 (Budget 2026) puts resilience, AI adoption and enterprise modernisation at the centre of economic strategy, with new programmes and expanded incentives that businesses can use now to harden payment processes and reduce loss events.
The Real Risk: Governance Failures under AI pressure
For many businesses, the real danger of deepfakes is not the technology itself, but the way it exploits trust, urgency and weak approval processes. AI-enabled phishing, voice cloning, manipulated video calls and business email compromise (BEC) are becoming more convincing. Singapore’s Cyber Security Agency has reported that 8 in 10 organisations in Singapore encountered at least one cybersecurity incident within a 12-month period[i].
Why family businesses and SMEs are prime targets
For small and medium-sized enterprises (SMEs), family-run businesses and lean finance teams, this creates a practical payment-risk problem. A request may appear to come from a director, key executive or trusted supplier, but “looking real” is no longer a valid control. The growing use of AI has amplified the associated risks, with 3 out of 4 people in Singapore unable to accurately distinguish a deepfake from a real video[ii]– meaning “it looked and sounded like my boss” is no longer a control[iii]. In an AI-accelerated landscape, disciplined internal controls, not gut feel, determine loss outcomes.
A pragmatic blueprint: Four proven controls to prevent fraudulent payments before they happen
- Mandate an out-of-band verification for any new payee or changes in bank detail
When your team receives a request to set up a new payee, change a bank account number, or process an urgent payment, a strict verification workflow is essential. Always verify the requester using a trusted internal directory number, not the phone number listed in the request to block impersonation and invoice fraud. Log every check to keep a clear audit trail and reduce social‑engineering risks.
Why this matters: This stops scammers who hijack email threads or impersonate suppliers. - Enforce maker–checker and “cooling‑off” periods
A practical first step is to enable dual approval for any high value payment. This ensures that no large transaction leaves your organisation without a second pair of eyes. Add a 12–24 hours cooling‑off period for new or unusually large transactions. This brief delay creates time to verify details and catch potential fraud.
Why this matters: It creates time to challenge unusual instructions before funds are released. - Use bank‑level money locks to protect your operating cash
Money Lock provides an additional layer of safeguard by ring-fencing part of a business’s available funds from digital transfer. Companies can secure the bulk of their account balance so that it cannot be digitally transferred, leaving only a limited working amount accessible for day‑to‑day use. Unlocking these protected funds requires additional verification, adding deliberate friction helps prevent unauthorised withdrawals before they happen.
Why this matters: Even if attackers gain access, they cannot move your main cash reserves. - Train your team to detect deepfakes and synthetic-media fraud
As deepfake videos, synthetic voices, and BEC impersonation scams become more sophisticated, regular staff training is now essential. Businesses should run realistic drills that expose employees to manipulated audio‑visual content, so they learn a critical rule: a voice or video clip is never a valid instruction. What protects your organisation is the verification process, not the media being used to deliver the request.
Why this matters: AI‑enhanced impersonation now makes fake voices and videos highly convincing.
Budget 2026: Turn national initiatives into practical safeguards
Budget 2026 provides concrete levers to underwrite governance upgrades and AI-ready processes:
- EDGE framework[iv]– The framework streamlines the Market Readiness Assistance (MRA), Productivity Solutions Grant (PSG) and Enterprise Development Grant (EDG) into a single scheme, making it easier to fund end-to-end projects (workflow automation, audit trails, market expansion). There will also be a broader catalogue of AI‑enabled solutions, lowering upfront cost for SMEs to deploy verified tools (IAM hardening, device attestation, secure approvals). Rollout begins 2H 2026; broader support (including non-SMEs) and simplified applications are expected.
- Champions of AI programme [v] – A flagship programme of Enterprise Singapore (ESG) and Digital Industry Singapore (DISG), giving customised support to companies aiming for enterprise‑wide AI transformation—including process redesign and workforce training.
- Enterprise Innovation Scheme (EIS) [vi]: 400% tax deduction on qualifying AI expenditures (cap S$50,000 per YA for 2027–2028), accelerating pilots like anomaly detection, identity‑risk scoring or secure‑approval tooling. support more accessible across business needs.
- New Cyber Resilience Centre (CRC) [vii] hosted at the Singapore Business Federation (SBF) – Operational in 2026. The CRC will function as a one‑stop helpline and diagnostics hub, offering incident triage, cyber‑health assessments, access to CSA programmes, and hands‑on response drills to help SMEs strengthen their security posture[viii].
For businesses looking to build stronger defences against fraud, AI‑enabled threats, and operational disruptions, national initiatives such as Budget 2026 offer timely avenues to co‑fund cybersecurity enhancements and access structured readiness programmes. However, their real value is maximised only when paired with robust internal practices; because resilience ultimately starts with disciplined internal controls, well‑trained staff, and clear escalation protocols.
Call to Action
Now is the time to strengthen your organisation’s resilience. Moore Singapore helps family offices and SMEs in standardising payment controls, deploying phishing‑resistant identity solutions, configuring bank locks and protective holds, and achieving the right security certifications.
Where relevant, we can help you tap Budget 2026 and Enterprise Singapore support schemes to offset implementation costs and speed outcomes.
[i] CSA. (2023). Singapore Cyber Health Report. Available at: https://isomer-user-content.by.gov.sg/36/1051bace-6be7-4c59-934a-e43c952a32ed/csa-singapore-cybersecurity-health-report-2023.pdf (Accessed: 04 March 2026).
[ii] Koh, S. (2025) 3 out of 4 in Singapore cannot identify deepfake content: Cyber security agency survey, The Straits Times. Available at: https://www.straitstimes.com/singapore/3-in-4-in-singapore-not-able-to-identify-deepfake-content-cyber-security-agency-survey (Accessed: 03 March 2026).
[iii] CSA. (2024). 2024 Cybersecurity Public Awareness Survey Available at: https://isomer-user-content.by.gov.sg/36/1051bace-6be7-4c59-934a-e43c952a32ed/csa-singapore-cybersecurity-health-report-2023.pdf (Accessed: 04 March 2026).
[iv] Budget 2026. (2026) Enterprise Singapore. Available at: https://www.enterprisesg.gov.sg/campaigns/budget-2026 (Accessed: 03 March 2026).
[v] Budget 2026. (2026) Enterprise Singapore. Available at: https://www.enterprisesg.gov.sg/campaigns/budget-2026 (Accessed: 03 March 2026).
[vi] IRAS. (2026). Available at: https://www.enterprisesg.gov.sg/campaigns/budget-2026 (Accessed: 14 March 2026).
[vii] Budget 2026. (2026) Enterprise Singapore. Available at: https://www.enterprisesg.gov.sg/campaigns/budget-2026 (Accessed: 03 March 2026).
[viii] Lee Li Ying, K.L. (2025) Cyber Resilience Centre to open in 2026 as one-stop support hub for smes facing cyber threats, The Straits Times. Available at: https://www.straitstimes.com/tech/cyber-resilience-centre-to-open-in-2026-as-one-stop-support-hub-for-smes-facing-cyber-threats (Accessed: 03 March 2026).
