Financial ripple effects of cyberattacks now extend well beyond operational disruption, reshaping boardroom priorities, financial planning, and growth strategy.
According to the report from Cohesity, 76% of Asia-Pacific (APAC) organisations have experienced at least one material cyberattack – defined in the survey as an incident that caused measurable financial, reputational, operational, or customer churn impact.
Findings are based on a survey of 3,200 IT and security decision makers commissioned by Cohesity and conducted by Vanson Bourne in September 2025. Among them, 1,200 are based in the Asia-Pacific region.
Respondents represent organisations in the United States, Brazil, United Kingdom, Germany, France, United Arab Emirates, Australia, South Korea, Japan, India, and Singapore. The organisations had 1,000 or more employees.
Results show that 73% of publicly traded companies in APAC reported adjusting earnings or financial guidance after an attack and 69% said they observed an impact on their stock price.
Also, 74% of privately held firms redirected budgets from innovation and growth initiatives.
Further, 96% reported experiencing legal, regulatory, or compliance consequences, including fines, lawsuits, or other enforcement actions.
“These findings show that cyberattacks now touch every part of an organisation, testing even the most well-prepared as aftershocks spread beyond technical recovery,” said Sanjay Poonen, CEO and president of Cohesity.
“When incidents compel companies to rethink forecasts, absorb market reactions, and redirect budgets, cyber resilience is no longer just a technology issue. It’s a business and financial imperative,” he said.
While only a small number of public companies have formally disclosed changes to earnings guidance following a cyber incident, high percentages were seen.
Cohesity said these indicate that respondents view material cyberattacks as producing broader financial strain and operational consequences than what public filings typically capture.
This disconnect between market perception and organisational reality is likely influenced by limited disclosure requirements, narrow investor definitions of materiality, and the underestimation of intangible losses such as brand trust, customer churn, supply chain impacts and decreases in productivity.
The research also points to a shift in how enterprises treat cyber risk. While prevention and detection remain priorities, the true differentiator lies in how quickly organisations can recover with confidence and how effectively leaders can reassure markets, regulators, and customers after an incident.
Nearly half of surveyed APAC leaders (48%) and Singapore leaders (52%) expressed complete confidence in their resilience1 strategies, even as costly attacks continue to produce measurable financial fallout.
According to respondents, companies’ cyber resilience strategies are under mounting pressure amid a worsening threat environment.
Results indicate that data recovery remains a significant challenge in the region: 97% of APAC respondents said it takes their organisations more than 24 hours to restore data from backups after a cyberattack, with 12% needing at least a week. In Singapore, the figures were similarly high, at 94% and 18% respectively.
Also, 89% of APAC organisations paid a ransom in the past year (40% paying US$1,000,000 or higher), with 90% reporting revenue impact and 45% facing moderate or significant customer impact.
In Singapore, the impact was even higher with 91% paying a ransom in the past year (48% paying US$1,000,000 or higher), 95% reporting revenue impact and 53% facing moderate or significant customer impact respectively.
This underscores that resilience gaps directly translate into financial and reputational damage.
The most common challenge experienced during a cyberattack was the inability to communicate or coordinate internally due to critical systems being down – such as email, collaboration tools, and ticketing platforms – cited by 52% of APAC respondents and 59% of those in Singapore.
Coordination remains a key weakness, with 66% of APAC and 77% of Singapore organisations acknowledging misalignment across IT, security, legal, and business operations when responding to cyber incidents.
Another common challenge faced was recovery followed by reinfection due to incomplete threat eradication, with 42% of APAC respondents reporting this and 44% in Singapore.
