On 21 May, the Infocomm Media Development Authority (IMDA) announced two programmes to get 12,000 small and medium enterprises ready for AI and for the cyber risk that comes with it. I have spent years building software for businesses this size. The plan gets one important thing right, and runs straight at one problem no programme has ever really solved.
What was announced
Two partners, two tracks. Grab will run an AI programme for 10,000 food-and-beverage, e-commerce and retail SMEs — free online training, masterclasses, and a two-day course built with the Singapore University of Technology and Design (SUTD). Separately, RSM Stone Forest IT will run a Cyber2SME programme for 2,000 SMEs, offering free phishing-simulation exercises and workshops so owners can find their weak points before an attacker does.
The cyber half is the right instinct
The phishing drills are the part I would not change. When a small business gets breached, it is almost never a clever exploit. It is an email, a fake invoice, a call that sounds like the bank. The whole industry spent a decade selling shops firewalls and antivirus while the actual losses came through the front desk. Teaching an owner and their staff to recognise a phishing attempt does more for a ten-person company than any appliance. RSM running simulations, not lectures, is the difference between knowing about a threat and having felt one.
Where programmes like this usually fall short
The gap is not awareness. It is time. The owner of a hawker stall or a small retailer is already doing six jobs. A free two-day course is generous, and it still costs two days they do not have. Adoption schemes tend to count sign-ups and certificates, then quietly lose people at the step where the new skill has to survive a busy week. The measure that matters is not how many SMEs attend. It is how many still use what they learned three months later.
What I would want for a small shop
Training helps, but defaults help more. The most useful thing we can give a small business is tools that are secure and sensible out of the box, so the safe choice is also the easy one — multi-factor authentication switched on by default, scam-aware payment flows, software that does not need a consultant to lock down. A shop owner should not have to become a security analyst to avoid losing their savings to a vishing call. Singapore is right to invest here. The version that works is the one that keeps showing up for these businesses after the launch event, and that lowers the bar to being safe rather than raising the bar to being trained.
Sources & cross-checks
Primary
IMDA — Partners with Grab and RSM Stone Forest IT to uplift 12,000 SMEs
Verified
The 21 May announcement, the 12,000-SME figure, the Grab and RSM programme splits and the SUTD course confirmed against IMDA's release, 2 June 2026. Views are the author's own.