Seven in every eight (87%) cybersecurity leaders in the Asia-Pacific region are concerned about AI increasing the sophistication and severity of data breaches, according to a survey report from Cloudfare.
The survey was conducted in June on behalf of Cloudflare across a total of 3,844 cybersecurity decision-makers and leaders who are based in 14 markets across APAC — Australia, China, Hong Kong, India, Indonesia, Japan, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam.
The industries that experienced the most data breaches included construction and real estate (56%), travel and tourism (51%), and financial services (51%).
Threat actors most frequently target customer data (67%), user access credentials (58%), and financial data (55%).
While artificial intelligence boosts organisational efficiency, many fear that cybercriminals will increasingly exploit this technology, with 50% of our respondents anticipating AI will be used to crack passwords or encryption codes.
Additionally, 47% believe AI will enhance phishing and social engineering attacks, while 44% expect it to advance DDoS attacks.
Lastly, 40% foresee AI playing a role in creating deepfakes and facilitating privacy breaches.
Facing these evolving and diverse threats, 70% of respondents report their organisations are adapting how they operate. Key areas impacted by AI include governance and regulatory compliance (40%), cybersecurity strategy (39%), and vendor engagement (36%).
Cybersecurity leaders are gearing up to tackle AI-driven risks, with every respondent expecting to deploy at least one AI-related security tool or measure.
Top priorities include hiring generative AI analysts (45%), investing in threat detection and response systems (40%), and enhancing SIEM systems (40%). IT vendors remain critical, as 66% of respondents have already sought AI solutions from them.
Ransomware remains a growing concern across the entire region. The study reveals that 62% of organisations hit by ransomware paid the ransom, even though 70% had publicly vowed not to.
Overall, a compromised Remote Desktop Protocol or VPN server (47%) proved to be the most common means of entry by threat actors.
There are significant variations across the region, though, with organisations in India (69%), Hong Kong (67%), Malaysia (50%), and Indonesia (50%) are most likely to pay ransoms, while South Korea (19%), Japan (19%), and New Zealand (22%) are the least likely to give in to ransomware demands.
“Cybersecurity leaders face growing pressure from cyberattacks, stricter regulations, and limited resources. To protect their organisations, they must constantly assess talent, budgets, and solutions,” said Grant Bourzikas, chief security officer at Cloudflare.
“Regulation” and “compliance” also emerged as important themes in this year’s study. The survey shows that 43% of respondents said they spend more than 5% of their IT budget to address regulatory and compliance requirements.
In addition, 48% of respondents reported spending more than 10% of their work week keeping pace with industry regulatory and certification requirements.
However, this investment in regulatory compliance has had a positive impact on businesses, such as improving organisation’s baseline privacy and/or security levels (59%), improving the integrity of organisation’s technology and data (57%), and improving the organisation’s reputation and brand (53%).