The 2025 cybersecurity predictions bonanza

The digital battlefield evolves daily, with new threats and technologies reshaping the cybersecurity landscape. As we step into 2025, the stakes are higher than ever, demanding innovative defences and strategic foresight. This year’s roundup gathers insights from leading industry voices, spotlighting trends, challenges, and solutions set to define the future of cybersecurity. From AI-driven threats to emerging regulatory pressures, these predictions equip organisations with the knowledge to protect their digital frontiers and thrive in an increasingly hostile cyber environment.

AI2 Bursts the Bubble

AI2, or the “Artificial Inflation” of artificial intelligence, is set to see its hype deflate across industries. While AI will remain useful for basic automation and workflows, many of the over-promised capabilities, particularly in security, will fall short in 2025. The focus will shift toward practical AI applications that enhance security without overwhelming organisations with marketing noise.

Reverse Identity Theft Takes Centre Stage

Expect a rise in reverse identity theft, where stolen breach data is improperly merged with additional personal information to create false digital identities. This trend will complicate identity security as organisations struggle to differentiate between legitimate and fraudulent personas.

Planned Obsolescence Forces Hardware Overhaul

As Microsoft ends support for Windows 10 in late 2025, millions of systems will become obsolete. Many of these systems lack the hardware capabilities required to run Windows 11, pushing organisations toward hardware upgrades or alternative operating systems. The result will be a massive influx of outdated devices vulnerable to cyberattacks.

The End of Malware Dominance

Malware as a primary threat vector will decline as attackers increasingly exploit identity and access vulnerabilities. Organisations must shift their focus to protecting identities and reducing the blast radius of compromised accounts.

– Morey Haber, Chief Security Advisor, BeyondTrust

Quantum Computing Threats Loom Large

Quantum computing will challenge existing cryptographic defences, especially for large organisations. While NIST’s post-quantum encryption standards were released in 2024, the transition to these new standards will be gradual. Larger enterprises, particularly in finance, must begin planning for this quantum shift to protect sensitive data.

Hidden Paths to Privilege Become the New Battleground

In 2025, attackers will increasingly target obscure identity paths—convoluted trust relationships and hidden entitlements—that can grant privileged access. These minor identity issues will evolve into significant security risks, forcing organisations to reassess their identity and access hygiene to avoid lateral movement and privilege escalation attacks.

– James Maude, Field Chief Technology Officer, BeyondTrust

Cyber Insurance Plays Catch-Up

Cyber insurance carriers will need to reassess policies as AI and quantum computing introduce new risks. In 2025, expect carriers to revise their terms to include exclusions related to AI and quantum risks, much like traditional exclusions for acts of war. This will push businesses to adopt new cyber-resilient practices to maintain insurance coverage.

Satellite Connectivity Disrupts Traditional Networks

With advances in satellite connectivity, traditional 5G and broadband networks will face stiff competition. This shift will introduce new attack surfaces as satellite communication becomes a more widespread alternative.

– Christopher Hills, Chief Security Strategist, BeyondTrust

————————————————————————————————————

  1. LLMs will become the new APT as nation states and even rogue actors exploit them for cyberattacks. LLMs today are vulnerable to jailbreaks and prompt hacking, but the release of HackerGPT, or WhiteRabbitNeo, an open source tool designed for use by red teams, gives anyone access to the power of an LLM that doesn’t have the guardrails other LLMs do. It will create a proof of concept for a brand new critical vulnerability when prompted to do so. The evolution of the technology and availability of new tools like this will lead to brand new attack vectors and methodologies on a scale never seen before. And the time-to-market for exploit code after new vulnerabilities are discovered will decrease significantly.
  2. As deepfakes become more widespread, we will see start-ups crop up in 2025 that offer identity validation as a service. These services will take multi-factor authentication further by adding additional layers. They will use a combination of government-issued documents like passports, biometric data like signatures, fingerprints and face scans, and behavioural pattern analysis that looks at how a user interacts with a device or website, to verify that individuals are who they say they are for all kinds of transactions and interactions online. This will eventually be required for all digital transactions, like buying a house and taking out a loan, as well as online communications like participating in a video conference. We will eventually see this model used for validating identities for physical transactions too, as the lines between activities in the online and offline worlds get blurred. We’re not far off from chips implanted in hands and elsewhere being used as one of the multi-factors for authentication for in-person transactions.

– Len Noe, Technical Evangelist and White Hat Hacker at CyberArk

————————————————————————————————————

Data Security Posture Management becomes an essential element of cyber resilience.

Data security posture management — DSPM — aims to solve one of the most complex issues in modern cloud environments: knowing where all your data is and how it is secured.

According to Research and Markets, the DSPM market is undergoing significant growth, driven mainly by AI adoption. As more (and larger) data sets become available for AI models to consume, the likelihood of sensitive data being exposed to unauthorised users increases significantly.

Cloud, AI, and DSPM will go hand in hand because traditional security methods like DLP (Data Loss Prevention) and CNAPP (Cloud-Native Application Protection Platforms) alone don’t adequately address an organisation’s overall data-related cyber resilience.

A wave of AI agents will increase cyber resilience — and introduce new risks.

The emerging agentic AI market shows endless potential, especially for organisations that use the cloud to scale computing power and storage capacity to train and deploy complex AI models. CISOs focusing on cloud-first architectures will reap the benefits of increased productivity, better customer experiences, and more. Agentic AI also has the potential to help businesses keep their data and cloud apps more secure; imagine a future where AI agents automate threat detection while enhancing the speed of response and resilience.

However, if not implemented cautiously, agentic AI will also risk sensitive data in the cloud. As AI agents become more sophisticated and interconnected, they will likely lead to more security vulnerabilities and accidental data leaks. Savvy business and IT leaders will not let this hold them back from adopting agentic AI but rather drive them to establish guardrails, set up stringent data access policies, and clearly communicate organisational best practices.

– Arvind Nithrakashyap, Co-Founder and CTO, Rubrik

————————————————————————————————————

The biggest AI threat isn’t deepfakes, it’s the quantity and quality of cyberattacks — deepfakes are having a moment, but what they really prove is the bigger issue around how AI is accelerating the volume of higher-quality attacks. In fact, 46% of security and IT leaders in Singapore are seeing a rise in AI security scams, underscoring the need for a proactive approach.

AI is currently upleveling the capabilities of even novice attackers to execute more advanced tactics and rapidly discover low-level exploitation techniques. As such, organisations need to pay more attention to how to combat the volume of attacks spurred on by AI.

– Chaim Mazal, Chief Security Officer, Gigamon

AI is masking today’s biggest cybersecurity threat to organisations — visibility — which will make it a priority in 2025. Visibility to what is going in and out of AI models and tools will become a must-have this year. Modern hybrid cloud infrastructure offers significant agility, enabling teams to quickly stand up or take down new applications that further business initiatives. That’s why today, nearly every organisation is leveraging the public or private cloud in some capacity.

Similarly, organisations are utilising a host of third-party tools, including newer AI tools, to secure, monitor, and manage these cloud instances, and traditional infrastructure too.  However, for open-source platforms and their respective large language models (LLMs) to run effectively, they must rely on vast amounts of data pulled from various endpoints to make informed decisions. Amid the rise of adversarial AI, the risk of threat actors manipulating the data funnelled through LLMs is at an all-time high, with incidents of data poisoning and model inversion on the rise. I predict this is just the beginning.

As organisations strive to capitalise on AI’s potential to boost productivity, streamline operations, and make informed business decisions, they face the critical challenge of securing and managing their hybrid cloud infrastructure while assuring the integrity of the data passing through them. Until organisations have a complete view of all network traffic — both North to South (inbound and outbound) and East to West (lateral traffic within the network) — they remain vulnerable. Without this deep observability, there’s not only a significant cyber risk but also a business risk as the data they rely on for business decisions could be compromised. On a positive note, however, 83% of security leaders in Singapore report that their boards are discussing deep observability as a priority to better secure their hybrid cloud infrastructure — reflecting a clear understanding of this urgency.

– Shane Buckley, CEO and President, Gigamon

————————————————————————————————————

Generative AI fuels the machine identity boom

Advancements in generative AI are accelerating automation across industries, reshaping workflows and increasing reliance on machine identities. AI-powered tools now support tasks like document navigation and code development, boosting efficiency and project timelines. As automation grows, 70% of organisations report managing more machine identities than human ones, underscoring the need for trust in these systems. However, 57% of organisations have unintentionally granted inappropriate access to machine identities, making them a critical security risk.

Machine identities: The biggest blind spot

Organisations have improved training and tools to combat phishing and social engineering targeting human identities, reducing their impact. However, attackers are shifting focus to machine identities, projected to grow by 30% in the next 3–5 years, surpassing human identities. Machine identities, often spread across cloud environments and lacking real-time visibility (a capability only 38% of organisations possess), remain underprotected. Without proper controls, attackers can exploit vulnerabilities to manipulate these identities, move laterally within networks, and widen their reach.

The next frontier in identity security

With AI investments in APAC expected to reach US$110 billion by 2028, both opportunities and risks are increasing. Cybercriminals are already leveraging AI for sophisticated threats like deepfake-enabled corporate fraud and automated phishing, prompting regulatory action such as Singapore’s recent ban on deepfakes during elections. To combat these challenges, organisations must adopt unified identity security frameworks. By automating identity management and securing all types of identities—human and machine—organisations can mitigate risks, maintain compliance, and drive business growth at scale.

– Eric Kong, Managing Director, ASEAN, SailPoint

————————————————————————————————————

Cybersecurity in 2025: Trust as the ultimate currency

In 2025, the Asia-Pacific region will face increasingly sophisticated AI-driven cyberthreats, including the mainstream adoption of deepfake attacks and looming quantum security risks. Organisations must pivot to unified platforms powered by transparent and trustworthy AI to build resilience and safeguard against reputational damage.

  1. Unified platforms to simplify cybersecurity infrastructure
    As cyberthreats grow more complex, organisations will shift towards unified data security platforms, reducing the reliance on fragmented tools. These platforms will consolidate visibility across code repositories, cloud workloads, networks, and SOCs, creating a holistic security architecture. By simplifying operations and optimising resources, organisations can better address the ongoing cyber skills shortage and build adaptive defences against evolving threats.
  2. Deepfakes become a mainstream attack vector
    Deepfakes are no longer confined to misinformation campaigns; they are increasingly being used for corporate scams. In APAC, cases like scammers impersonating executives in video calls to authorise fraudulent transactions highlight their growing impact. With advancements in generative AI, audio and video deepfakes will become more credible, used either independently or as part of larger attacks targeting organisations for financial or operational disruption.
  3. Preparing for quantum security threats
    Quantum computing advancements pose a growing risk to encrypted data, particularly through “harvest now, decrypt later” tactics by nation-state actors. While breaking encryption remains unfeasible today, targeting organisations developing quantum technology or storing sensitive data has become a priority for threat actors.

    Organisations must adopt quantum-resistant measures, such as post-quantum cryptography and quantum key distribution, to safeguard critical systems and prevent future breaches. New standards, such as those from NIST, are emerging as essential steps for long-term data security.
  4. Transparency to build trust in AI
    With AI adoption surging, regulators across APAC are focusing on ethics, data protection, and transparency. Ensuring the integrity of AI models, including transparency around data collection and decision-making processes, will be essential for maintaining customer trust. Proactive communication and adherence to evolving AI legislation will encourage innovation while safeguarding user data.
  5. Strengthening product integrity and supply chain security
    Supply chain resilience and product integrity will become a priority in 2025. Organisations will conduct more rigorous risk assessments, review accountability measures, and evaluate insurance coverage to mitigate potential disruptions. Cloud environments, in particular, will see greater emphasis on real-time monitoring and performance tracking to reduce vulnerabilities and maintain operational integrity.

– Simon Green, President, Asia Pacific and Japan at Palo Alto Networks

Attacks using generative AI, in particular deepfakes, are proving to be a major challenge for ASEAN organisations. This, combined with the increased speed, scale and sophistication of threats will force ASEAN organisations to modernise their cybersecurity postures with a centralised, AI-driven, scalable, cloud-based approach, in 2025.

– Steven Scheurmann, Regional Vice President for ASEAN, Palo Alto Networks

————————————————————————————————————

Stopping cloud breaches will require a hybrid approach

Cloud intrusions increased by 75% last year, making cloud security critical for 2025. Attackers are increasingly moving laterally between cloud platforms and on-premises environments, exploiting gaps created by disconnected security tools. To combat these threats, organisations will need a unified security platform that provides visibility across public and private clouds, on-prem networks, and APIs, integrating runtime, posture management, identity, and data security.

Identity will open the door to more cross-domain attacks

Identity-based attacks, which now account for 75% of malware-free initial access attempts, are becoming increasingly sophisticated. Adversaries exploit stolen credentials to target interconnected domains such as cloud, endpoint, and AI models, leaving minimal footprints.

In 2025, security leaders must integrate visibility across the entire kill chain and use cross-domain threat hunting to detect anomalies early. A combination of advanced technology, human expertise, and comprehensive telemetry will be critical to addressing these challenges and preventing breaches.

AI security will dictate innovation

AI’s rapid evolution brings transformative opportunities but also significant risks. Adversaries are targeting AI services and large language models (LLMs) deployed across public and private clouds, compromising their integrity and performance.

To protect AI innovation, security teams will require technologies that monitor AI services, detect misconfigurations, and address vulnerabilities, while integrating protections across the entire cloud estate—from infrastructure to data. Securing AI will be essential for fostering innovation and mitigating advanced threats.

The SIEM renaissance will continue

The transformation of Security Information and Event Management (SIEM) platforms, driven by mergers and acquisitions, will continue in 2025. Organisations now demand cloud-native platforms capable of managing large data volumes, consolidating tools, and delivering real-time intelligence.

Next-generation SIEM platforms provide high-fidelity detections, integrate critical data sources like endpoints and identity, and automate workflows to enhance security operations. In 2025, SOC teams will prioritise platforms that offer actionable intelligence and rapid response capabilities to match the pace of modern threats.

Platforms will dominate security in 2025

Consolidation will remain central to security strategies as organisations seek to eliminate vulnerabilities created by patchwork solutions. Cloud- and AI-native platforms will dominate by integrating threat intelligence, streamlining operations, and reducing costs.

Generative AI will further enhance these platforms by reducing alert-to-resolution times and transforming workflows, allowing organisations to respond to threats more quickly and effectively. In 2025, the convergence of security and IT will become more seamless, ensuring organisations stay agile and resilient against evolving adversaries.

– Elia Zaitsev, CTO, CrowdStrike

————————————————————————————————————

Building an API-First Great Digital Wall for 2025

During a visit to the Great Wall of China, I was struck by its enduring lesson in resilience. Built to protect an empire, it wasn’t just a defence against immediate threats but a long-term strategy to safeguard what mattered most. This principle is equally vital in today’s digital age, especially for cybersecurity.

Application programming interfaces (APIs) are the lifeblood of modern systems, driving everything from AI workflows to global e-commerce platforms. Yet, like unguarded sections of a fortress, unsecured APIs create vulnerabilities ripe for exploitation. To succeed in 2025, organisations must adopt an API-first approach — fortifying these gateways as the cornerstone of digital resilience.

Fortifying API security: The foundations

The Great Wall’s success lay in its proactive design, anticipating rather than merely reacting to threats — a principle echoed in modern API security strategies. Securing APIs effectively requires three key approaches:

  • Shield right: Employ runtime protection through real-time defences, akin to modern watchtowers safeguarding critical operations. This is crucial for industries like financial services, where APIs handle millions of daily transactions.
  • Shift left: Integrate API testing into the development cycle to address vulnerabilities early, reducing costs and strengthening resilience. Proactively discovering APIs from code prevents issues from reaching production.
  • Continuous API discovery: Uncover shadow and phantom APIs — hidden endpoints that act like unguarded wall sections. Automated tools secure these gaps before attackers can exploit them.

These strategies transform APIs from weak links into enablers of innovation, ensuring they stay secure as threats evolve.

Emerging threats in 2025

Two persistent threats dominate conversations with industry leaders across Asia Pacific:

  1. Sophisticated bot attacks: These intrusions leverage advanced techniques to disrupt services and extract sensitive data through APIs.
  2. Reverse engineering of mobile apps: Hackers exploit embedded API calls, posing significant risks for organisations prioritising rapid app launches over comprehensive API security.

Traditional tools like web application firewalls (WAFs) and API Gateways, while valuable, often fail to address logic-based attacks or protect against shadow APIs and malicious payloads. The deeper challenge lies in balancing rapid innovation with robust security.

Embracing platform-based solutions

“Patchwork systems” is a recurring term among CIOs — disjointed tools assembled over time, leaving gaps for attackers. As Chuck Herrin, our Field CISO, puts it: “I want 90% out of 10 tools, not 10% out of 90 tools.”

Organisations must shift to platform-based solutions that unify application and API protection under a single framework. By harnessing AI to analyse telemetry from both client and server, security efficacy improves significantly, enabling the detection of real threats. This approach moves organisations from reactive defences to proactive resilience.

Leading the digital frontier

The Great Wall wasn’t just a structure; it evolved to meet new challenges over centuries. Similarly, cybersecurity in 2025 requires adaptive, AI-powered defences to counter adversaries that don’t yet exist.

The future belongs to those who prepare not just for the threats they can see but for the ones they have yet to imagine.

– Chin Keng Lim, Senior Director, APCJ, F5 Inc

————————————————————————————————————

Prediction 1: Fatigue and confusion around the overuse of the term “AI” will push vendors to focus on demonstrating value

The initial excitement about AI in cybersecurity will fade, leading to disillusionment among security leaders. While 87% plan to adopt more AI tools, concerns about increased workload temper this optimism. Organisations in Asia Pacific must move beyond vague promises of “AI-driven security” to deliver tangible results like faster threat detection and improved accuracy. AI is a toolset, not a one-size-fits-all solution. Understanding specific challenges is crucial; cybersecurity is about minimising risks and preparing for threats. Good hygiene and proactive threat response are essential – organisations must practise identifying and responding to threats quickly and effectively.

Prediction 2: Attackers are using AI to exploit vulnerabilities in security tools

As attackers increasingly leverage AI, a divide will emerge between those who use it skilfully for adaptive attacks and those who employ it more simplistically. By 2025, threat actors will exploit AI for initial access through tactics like deepfakes and phishing. While AI evolves, core attacker behaviours—such as establishing footholds, abusing identity, and moving laterally—will persist. This highlights the need for robust tools like Network Detection and Response (NDR) solutions to counter these threats effectively.

Prediction 3: Focus on regulatory compliance overwhelms defenders and provides advantages to attackers

The growing emphasis on regulatory compliance is overwhelming cybersecurity defenders, giving attackers an advantage. Security teams are stretched thin, prioritising compliance over dynamic threat detection, undermining proactive security. By 2025, attackers will likely exploit this imbalance further. Compliance is essential but does not equate to security and often diverts focus from effective threat mitigation. Analysing logs is critical, but the key is using them to identify and respond to threats. Compliance and security must collaborate to strengthen defences.

Prediction 4: Identity will remain a critical attack vector

Identity-based attacks will dominate in 2025, with attackers using the dark web and generative AI to enhance phishing and business email compromise (BEC). Organisations must prioritise continuous testing for identity compromises using red teams or third-party services, not just annual assessments. Open-source tools can simulate identity compromises, helping organisations prepare for real threats. As generative AI grows, robust identity management practices will be critical to counter evolving attacks.

Prediction 5: Enterprise breaches will be traced back to AI agent abuse

Agentic AI will increasingly analyse attack surfaces and detect natural-language-based threats like phishing, which traditional models struggle with. As reliance on these tools grows, organisations must secure their AI systems and implement robust safeguards and ethical guidelines. Integrating agentic AI will enhance threat detection and foster a proactive security culture, enabling organisations to better protect critical assets.

– Sharat Nautiyal, Director of Security Engineering for APJ, Vectra AI

————————————————————————————————————

Cybersecurity: Everyone’s job

Managing cyber risk at all levels of the workforce — not restricting it to just the top organisational level — should be a priority for security leaders in 2025. This involves the democratisation of cybersecurity, making everyone in an organisation responsible for its defence. The benefits go beyond stronger security and increased resilience; they can lead to cost savings, better efficiency, and even innovation in security practices.

To make this work, organisations must move beyond traditional once-a-year training sessions. Continuous security engagement programs are essential, along with giving employees access to the right self-service tools and resources. This is crucial because the biggest challenge to democratising security is poorly equipped employees and ill-defined processes.

– Rajesh Ganesan, President of ManageEngine

————————————————————————————————————

Threat Actors Will Hijack Supply Chains with ‘Invisible’ Firmware Threats

Nation-state actors are increasingly weaponising firmware supply chain attacks, embedding malicious code during manufacturing that bridges cyber and physical warfare. The recent compromise of communication devices by Israel demonstrates how firmware-level threats can have real-world impact. Traditional defenses and documentation, including Software Bill of Materials (SBOMs), are merely reactive and neglect to provide true visibility and detection of these risks and sophisticated implants. As IoT adoption grows, supply chain risks escalate, making it imperative for organisations to secure every step of the production and distribution process.

Autonomous Business Compromise Will Allow Cybercriminals to Steal Money While You Sleep

Business Email Compromise (BEC) could evolve into Autonomous Business Compromise (ABC), where AI will automate fraud with minimal human interaction. Cybercriminals will target AI-driven processes like supply chain management and financial planning to conduct high-stakes fraud without ever stepping foot in the target’s inbox. This allows cybercriminals to carry out attacks without reliance on social engineering methods to trick an individual into making a payment.

Advanced AI Deployments Will Power the Next Generation of Cyberattacks

AI is the game changer for cybercriminals. By 2025, attackers will leverage AI to automate and accelerate their campaigns, adapting to defenses in real-time and making attacks more effective and harder to detect than ever before. As Singapore aims to position itself as a regional AI hub, it has taken proactive measures to ensure AI’s responsible use and to safeguard against its misuse. The Cyber Security Agency of Singapore (CSA) recently introduced the Guidelines and Companion Guide on Securing Artificial Intelligence (AI) Systems. These comprehensive resources help organisations adopt AI responsibly and securely. They identify potential threats, such as adversarial machine learning, and offer actionable principles for implementing security controls to protect AI systems.

However, as AI becomes integrated into critical functions like supply chain management, financial planning, and healthcare, new opportunities for cybercriminals emerge. Threats such as model manipulation, data poisoning, supply chain disruptions, and AI-assisted fraud are expected to dominate the next wave of attacks. To stay ahead, organisations must balance the benefits of AI adoption with robust security strategies tailored to this evolving threat landscape.

– Rik Ferguson, Vice President of Security Intelligence, Forescout

————————————————————————————————————

Governments Race to Digital ID: 2025 – The Year of the National Identity App

Driven by security threats and the demand for seamless online services, 2025 will see a global surge in government-issued digital ID programs. Countries will accelerate efforts to deploy national digital ID systems, putting secure digital identities in citizens’ hands. This shift, fueled by the limitations of physical documents and the need for stronger cybersecurity, will pave the way for a more secure and inclusive digital future.

Data Privacy Takes Center Stage: Selective Disclosure Drives Verifiable Credentials Boom

The growing demand for data privacy and user control will fuel a surge in the adoption of decentralised identities. Empowered by the ability to selectively disclose only the necessary information, individuals will embrace this technology to seamlessly and securely prove their identity or attributes without revealing their entire personal profile. This rise in the use of decentralised digital credentials will empower individuals to confidently navigate the digital world while safeguarding their privacy. It will also create new opportunities for businesses and public bodies to build trust and offer personalised services without running the risk of compromising user data.

Deepfake Fraud Wave Forces Banks’ Hand: Regulators Mandate New Biometric Payment Authentication

As deepfake technology becomes increasingly weaponised by hostile state actors and criminals in 2025, a wave of account takeovers and fraudulent transactions will force banking regulators worldwide to take decisive action. Led by pioneers like Thailand and Vietnam, countries will mandate the implementation of biometric verification for payment authentication, adding an extra layer of security to protect customers and financial institutions.

This move towards mandated biometric payment authentication will significantly enhance the security of digital transactions, making it more difficult for fraudsters to exploit stolen identities or manipulate systems. It will also accelerate the adoption of biometrics in the financial sector, paving the way for more secure and trustworthy digital banking experiences.

– Andrew Bud, CEO, iProov

————————————————————————————————————

AI, quantum and digital trust will shape the year ahead

The relentless pace of innovation is reshaping digital ecosystems across Asia-Pacific, exposing vulnerabilities faster than they can be secured. As we look ahead to 2025, technologies like artificial intelligence (AI) and quantum computing will continue to reshape the security landscape, and we’re seeing their impact on cybersecurity strategies.

This region, with its rapid digital transformation, faces unique cybersecurity challenges that demand bold, proactive strategies. The predictions for 2025 underscore the urgent need to stay ahead of these vulnerabilities by driving quantum readiness, enhancing transparency, and reinforcing trust as the bedrock of our rapidly changing digital ecosystem.

Here are a few ways AI, quantum and digital trust will shape the year ahead:

  • Post-quantum cryptography takes off: 2025 marks a pivotal year when post-quantum cryptography (PQC) shifts from theoretical frameworks to real-world deployments, with significant momentum in Asia-Pacific. Governments across APAC, including Japan, South Korea, Australia and Singapore, are actively advancing quantum readiness through national initiatives. With impending announcements from the U.S. National Security Agency (NSA) and growing compliance pressures, PQC adoption will surge, empowering industries to embrace quantum-resistant solutions.
  • Organisations will demand resilience and zero outages: The CrowdStrike outage this summer, which caused over 100 flight delays at Singapore’s Changi Airport, underscored the need for better testing of automated updates and stronger digital trust. As IoT adoption grows, concerns about the safety of over-the-air updates are prompting calls for greater transparency in security practices. In response to these evolving risks, Singapore’s Cybersecurity (Amendment) Bill, passed earlier this year, seeks to enhance oversight and enforce stricter measures on high-risk computer systems crucial to national security.
  • AI-driven phishing attacks will surge: The proliferation of AI will fuel an unprecedented surge in sophisticated phishing attacks, making them harder to detect. Attackers will leverage AI to craft personalised and convincing phishing campaigns, while automated tools will enable them to scale attacks at an alarming rate, targeting individuals and organisations with precision. For example, Singapore registered the highest year-on-year rise in identity fraud among countries in the Asia-Pacific region in 2024, according to a study.
  • Chief Trust Officers will take centre stage: Digital trust becomes a boardroom priority, leading to a continued rise of Chief Trust Officers (CTrOs) who will oversee ethical AI, secure digital experiences, and compliance in an increasingly regulated environment.
  • Automation and crypto-agility become a necessity: With industry shifts toward shorter SSL/TLS certificate lifespans, automation and crypto-agility will emerge as critical capabilities for organisations aiming to maintain secure operations amidst evolving standards.
  • Content provenance goes mainstream: In an era of deepfakes and digital misinformation, the Coalition for Content Provenance and Authenticity (C2PA) is set to redefine how we verify digital content. Expect to see C2PA’s Content Credential icon become commonplace on images and videos to enhance trust across media platforms.

– Jason Sabin, Chief Technology Officer at DigiCert

————————————————————————————————————

A Material Shift for Cybersecurity in APAC

In 2025, governments across APAC will redefine what constitutes a “material” cybersecurity incident, in response to the surge of data breaches and critical infrastructure attacks. The lack of a universally agreed definition of materiality has created inconsistencies, leaving organisations vulnerable and regulators struggling to enforce accountability.

This gap is anticipated to be bridged by nations like Singapore and Australia, as they lead the charge with progressive legislation. For example, Singapore’s amended Cybersecurity Act now mandates that critical information infrastructure operators declare outages or attacks impacting their services or supply chains. Meanwhile, Australia’s pioneering cybersecurity laws impose stringent reporting requirements, including ransomware disclosures within 72 hours.

The sentiment is clear: when it comes to resilience, “good enough” is no longer acceptable. Clearer definitions of materiality will help create a unified standard that will ensure swift and transparent responses to incidents, empower businesses to better fortify their defences, and build greater trust among customers and investors. As AI tools enable more sophisticated cyberattacks, governments and organisations must prioritise resilience, ensuring not just recovery but long-term digital security.

– Simon Davies, Senior Vice President and General Manager, APAC, Splunk

————————————————————————————————————

Continuous Adaptive Trust Takes Centre Stage in the Battle Against Fraud

2025 marks a game-changing shift in identity verification with the rise of continuous adaptive trust — a breakthrough that moves beyond outdated, one-time checks to a dynamic, always-on approach. Imagine a world where trust isn’t assumed but continuously earned and verified in real time. With adaptive trust, any anomaly, like an unexpected login from a new device, automatically triggers extra security steps, creating a seamless blend of protection and ease for users. By applying the right level of friction at exactly the right moment, businesses can stay one step ahead of threats without disrupting the customer experience.

In an era of sophisticated fraud, this adaptive approach will be essential for companies ready to innovate. Continuous trust enables them to react instantly, assessing risks as they arise and recalibrating security measures in the blink of an eye. This transformation not only safeguards customers but also builds stronger, more transparent relationships. In 2025, continuous adaptive trust will drive a new era of confidence in the digital landscape, where security and convenience finally go hand in hand.

– Robert Prigge, CEO, Jumio Corporation

Bots and AI agents will dominate dating apps and e-commerce sites, from swiping right to snagging tickets 

As of this year, bot traffic has skyrocketed, now accounting for nearly half of all internet traffic. This alarming trend, compounded by the rise of AI agents, is set to unleash a wave of automated activity on e-commerce and dating platforms, fundamentally disrupting user engagement and sales. These platforms will face an unprecedented surge in automated bot activity, capable of manipulating various profile types and purchasing strategies at an alarming scale — without any human oversight.

On dating apps, bots and AI agents will ruthlessly optimise profiles to capture clicks and interactions, blurring the lines between authentic connections and deceptive facades – such as in Hong Kong, where victims lost over US$46 million to ‘love’. For e-commerce, bots will wreak havoc on online shopping, particularly during high-demand events like concert ticket sales. Major platforms like Ticketmaster are already battling bots that can snatch up tickets within seconds, and with the added sophistication of AI agents, this competition for coveted items is expected to intensify.

The rise of bots and AI agents poses not only a technical challenge but also a significant threat to consumer trust and market integrity. It compels platforms to act decisively. Given that bots have the power to drastically distort user engagement and purchasing behaviors, it is crucial for platforms to respond effectively. They must deploy robust identity verification tools and advanced liveness detection technologies to unmask bot-operated accounts and safeguard the integrity of their businesses.

– Bala Kumar, Chief Product and Technology Officer, Jumio Corporation

————————————————————————————————————

A prompt injection breach will lead to AI disillusionment

Generative AI introduces a groundbreaking application: the natural language interface to data. However, this innovation brings a new threat vector—prompt injection—with little to no current security.

In 2025, a leading global company is likely to lose significant intellectual property due to a prompt injection breach. This event could plunge AI into the “trough of disillusionment” faster than anticipated, as security risks rattle corporate confidence and undermine the perceived benefits of AI systems.

A generative-AI-enabled super hacking tool will redefine script kiddies

Generative AI empowers even inexperienced operators to launch sophisticated attacks, presenting new challenges for cybersecurity professionals.

Imagine a cyberattack tool that requires only a corporate target’s name to set off malicious activities. In 2025, threat actors could use generative AI to generate phishing emails and escalate access within networks. This ease of use and effectiveness will increase both the volume and sophistication of cyberattacks.

A significant open-source supply chain attack is imminent

The interconnected nature of software supply chains makes them attractive targets for cybercriminals, as demonstrated by the XZ Utils SSH attack. Malicious actors can introduce backdoors into widely-used open-source libraries, compromising countless systems.

In 2025, we are likely to witness a significant open-source supply chain attack with a higher probability of success. To mitigate risks, organisations must adopt a multi-layered approach, including regular code audits, automated vulnerability scanning, and robust access controls. Maintaining a clear inventory of software components and sharing threat intelligence within the cybersecurity community are also crucial.

Increasing API adoption will highlight data leakage and API abuse

As modern application development drives digital transformation, API traffic — already over 71% of web traffic — continues to grow, bringing increased threats and a greater need for API observability.

Threat actors will increasingly target APIs in 2025 to access underlying infrastructures and databases. Businesses must build continuous visibility, categorisation, and monitoring of API data flows. By uncovering hidden APIs, developers and security teams can better address potential security issues.

– Nanhi Singh, Chief Customer Officer and General Manager, Application Security, Imperva

————————————————————————————————————

Cybersecurity in 2025: Navigating the Next Wave of Threats and Solutions

In 2024, the cyberthreat landscape continued to evolve as attackers tried to stay one step ahead of increasingly advanced security tools and maximise their chances of success. We saw this lead, among other things, to novel phishing techniques, such as text-based QR code phishing, the abuse of URL protection services and the use of popular content creation platforms in attacks.

Anticipated Evolution of Cyberthreats in 2025

Looking forward, cyberthreats are expected to become more automated and evasive, with attackers leveraging AI and other techniques to circumvent traditional defences. There is a growing concern about increased attacks on critical infrastructure and cloud services, sectors that are integral to the APAC region’s digital economy.

The trend towards more advanced and evasive cyberattacks underscores the necessity for security teams to adopt AI-powered defence mechanisms. Machine learning and AI-based tools will be crucial in identifying anomalies and neutralising threats proactively, ensuring that defences can adapt to the evolving tactics of cyber adversaries.

Key Concerns for 2025

As we approach 2025, a primary concern expressed by our customers and partners is fragmented visibility across diverse threat vectors, which complicates the detection and response to complex attacks. Cyberthreats now span email, network, and endpoint layers, making it challenging for security teams to obtain a comprehensive view of potential vulnerabilities.

To address this issue, many organisations are turning to extended detection and response (XDR) solutions, which offer centralised, real-time visibility and rapid response capabilities across various attack surfaces, enhancing detection accuracy and enabling a more cohesive security posture.

Preparing for the Future

As the APAC region continues its digital transformation, the cyberthreat landscape becomes increasingly complex. Organisations must remain vigilant, focusing on unifying their defences and fostering a culture of cybersecurity awareness.

The year 2025 promises both challenges and innovations in the cybersecurity realm. By embracing advanced, unified solutions and prioritising collaboration, businesses across the region can stay ahead of evolving threats and safeguard their digital assets effectively.

– Mark Lukie, Director of Solution Architects – APAC, Barracuda

————————————————————————————————————

Digital Trust Initiatives: Cybersecurity Enhancements

According to IBM’s 2024 Cost of a Data Breach Report, the global average cost of a data breach has reached approximately US$4.88 million, marking a 10% increase from the previous year. With growing reliance on digital technologies, enhancing cybersecurity measures has become paramount. Organisations are focusing on building digital trust through robust security frameworks to protect sensitive data. The adoption of zero-trust architecture continues to gain traction as organisations move away from traditional perimeter-based security models. This approach requires continuous verification of all users and devices attempting to access resources, minimising the risk of unauthorised access. As organisations increasingly rely on cloud services, vulnerabilities in cloud environments have surged, highlighting the need for robust cloud security measures and continuous monitoring.

– Amitabh Sarkar, Vice President & Head of Asia Pacific and Japan – Enterprise at Tata Communications

————————————————————————————————————

Cybersecurity evolves to machine scale

The rising complexity of threats will drive a shift toward machine-scale cybersecurity. Networks will play a dual role: connecting and protecting. By leveraging automation and AI, companies will enhance threat detection and response, safeguarding both operations and reputation in an increasingly interconnected world.

– Tay Bee Kheng, President, ASEAN, Cisco

————————————————————————————————————

Threat Security

The ICS, OT, and IIoT threat landscape will evolve with AI-enabled attacks enhancing precision and evasion. Geopolitical tensions will intensify targeting of critical sectors like utilities and space systems. Wireless technologies, such as drones and autonomous devices, will expand exploitation opportunities due to misconfigurations. Hybrid SaaS adoption will grow but increase vulnerabilities, requiring proactive security measures.

Will the ICS/OT/IIoT industries improve in delivering secure products?

Progress in delivering secure ICS/OT/IIoT products will be gradual. Despite secure options in traditional OT, repurposed IT/IoT devices remain a risk. New regulations, such as Australia’s Cyber Security Act, will mitigate some threats but won’t significantly expedite product security advancements.

Attack Surface Management

The industrial attack surface will grow with IoT proliferation and wireless communication adoption. As IT environments strengthen defences, attackers will increasingly target industrial systems, highlighting the need for robust protections.

Threat Intelligence – Will the importance of threat intelligence change in 2025?

Automation in threat intelligence will enhance its application, reducing delays and noise. Accurate IT and OT-specific feeds will allow teams to focus on actionable threats, improving relevance in industrial environments. Long-term, state-sponsored groups may attempt to manipulate threat intelligence data, but this is unlikely in 2025.

Expanding attack surfaces in non-traditional sectors highlight the urgent need for broader cybersecurity awareness and proactive defence:

Cyber threats are extending beyond IT to sectors like hospitality and building management. Interconnected systems, such as elevators and HVAC, are attack vectors. Broader awareness and proactive defences are crucial to address reputation and operational risks.

Threat intelligence sharing is crucial for effective cybersecurity and requires greater public-private and international collaboration:

Real-time threat intelligence sharing is critical for countering sophisticated attacks. Australia’s Cyber Security Act amendments may enhance public-private collaboration, while international cooperation remains key. Nozomi Networks contributes through intelligence sharing and integration in its solutions.

Evolving cybersecurity regulations, including recent amendments to the Cyber Security Act, are driving higher global standards and increased international collaboration:

Australia’s cybersecurity regulations are setting a global standard, with ripple effects on global supply chains. Early adopters of stricter requirements will gain competitive advantages.

OT cybersecurity faces challenges from increasing regulations and budget constraints, but the market continues to grow amidst rising competition:

Budget constraints, regulatory pressures, and market saturation challenge OT cybersecurity. However, rising cyber risk awareness and the expanding attack surface continue to drive market growth.

Automation, driven by AI, is crucial for addressing the growing volume of vulnerabilities, but OT adoption faces hurdles:

AI-driven automation is essential for managing growing vulnerabilities. While operational concerns hinder adoption, automation can empower human expertise, streamlining threat detection and vulnerability assessment.

Rapidly transforming cybersecurity landscape driven by AI, cloud migration, automation, and evolving supply chain risks:

Generative AI, cloud migration, and 5G/LoRaWAN will reshape cybersecurity. Automated incident response and robust supply chain security are essential for adapting to evolving threats. Protecting AI systems is equally critical.

Additional comments

Drone and satellite vulnerabilities expand the attack surface, demanding integration into cybersecurity strategies. Continued research and mitigation efforts are vital for addressing these emerging threats.

– Ammar Hindi, Vice President Asia Pacific, Nozomi Networks

————————————————————————————————————

  1. The need for essential security safeguards in the era of AI

In 2025, we’re going to witness a seismic shift in how organisations across APJ embrace artificial intelligence. Nearly half of businesses are gearing up to significantly increase their AI investments, setting the stage for an explosion of innovation. By 2028, we anticipate over $110 billion being funneled into AI technologies. We’ll see an essential pivot towards AI security that cannot be ignored. Organizations will need to focus on two key areas: safeguarding their AI systems from vulnerabilities and defending against increasingly sophisticated AI-driven attacks. Cybercriminals are already leveraging AI to make their methods more effective and evasive, which means businesses must ramp up their security frameworks to counter these evolving threats.

  2. Electoral cyber threats are a real problem and will continue to be so

The past year was a record year for elections worldwide, with approximately 4 billion people across 60 countries expected to vote, including major elections in the US, UK, EU, Taiwan, South Africa, and India. Generative AI made its mark on these elections, with sophisticated attacks meant to deceive voters and impact elections. 2025 will be the year these tools and techniques – such as deepfakes, targeted scams, social engineering – move down-market and become readily available to ordinary cyber criminals. Consumers and organisations need to be on the alert for fakes and scams across all forms of interaction: email, text, phone calls and video calls.

  3. LLMs’ security risks become tangible

The hype surrounding large language models (LLMs) will face a stark reality check as security vulnerabilities come to the forefront. While some exploitable flaws have already been publicly disclosed, we can expect an uptick in both the frequency and severity of these issues. LLMs present a significant attack surface for malicious actors, and the nature and locations of these vulnerabilities will become increasingly evident. As the risks become clearer, organizations will need to weigh the promise of LLMs against the potential security pitfalls, leading to a more cautious approach in their AI strategies.

  4. Building agile security systems needs to include our security fundamentals

Starting in 2025, I think we will see an increasing focus on two aspects of AI security: protecting AI systems and defending against AI-driven attacks. After all, cyber criminals are also looking at how to leverage AI to make their attacks more evasive, more efficient, and more effective. AI will lower the barriers to entry for attackers, accelerating their ability to identify and exploit vulnerabilities. While it is important that we focus on AI, we cannot forget our security fundamentals. Attackers will still come after our API endpoints, and they will still conduct phishing attacks. We need to ensure that patches are deployed in a timely manner, our safeguards are always on, and that people are continuously trained to identify and mitigate malicious activity. Because with or without AI, those threats are not going away.

– Reuben Koh, Director of Security Strategy, Akamai Technologies APJ

————————————————————————————————————

Cybercrime is set to cost the global economy an estimated US$12 trillion in 2025, making it the third-largest “economy” in the world. This evolving threat landscape highlights the critical need for cyber resilience as businesses continue their digital transformation. Three key trends are set to dominate: sophisticated ransomware, AI-enabling threat actors, and geopolitical fractures fragmenting the digital ecosystem.

Ransomware’s evolution:

Ransomware is becoming complex, with multi-extortion tactics combining data theft, encryption, denial-of-service attacks, and reputational damage. These multi-layered attacks, a prime example being the Change Healthcare breach, are causing prolonged recovery times and costing businesses millions. As ransomware evolves, the potential for widespread disruption will increase, potentially creating a cyber pandemic.

AI-Powered threats:

AI is enabling attackers to scale and personalise attacks with alarming efficiency. GenAI tools like WormGPT and FraudGPT can easily facilitate phishing campaigns and malware generation, while adversarial AI techniques such as prompt injections and model poisoning could make detection and mitigation far more challenging. Compromising GenAI platforms for reconnaissance and exploitation is also emerging as a major concern.

Geopolitical fractures:

Geopolitical tensions are driving a bifurcation of global technology ecosystems, creating distinct digital divides between the East and West. This fragmentation could further undermine the cyber safety of shared infrastructures, making state-sponsored cyberattacks more frequent and targeted. Incidents like the SolarWinds breach have already highlighted how fragmented supply chains and state-sponsored campaigns can undermine global security, making digital infrastructures more vulnerable.

Emerging threats:

The proliferation of IoT devices and the looming impact of quantum computing are expanding attack surfaces. IoT devices, when compromised, can be leveraged as botnets for large-scale attacks. Meanwhile, quantum computing’s potential to break traditional encryption is prompting threat actors to adopt a “harvest now, decrypt later” approach.

Proactive measures:

To counter these challenges, organisations must prioritise:

  • Cyber resilience through regular security assessments, robust incident response plans, and continuous employee training.
  • AI-enabled defences that detect, adapt, and respond to threats in real time.
  • Supply chain security by assessing vendor practices and maintaining operational visibility.
  • Collaboration between industries, governments, and research bodies to share threat intelligence and develop innovative solutions.

By adopting a proactive, multi-faceted approach, businesses can navigate this volatile landscape and build long-term resilience.

– Teo Xiang Zheng, VP of Advisory, Ensign InfoSecurity

————————————————————————————————————

Navigating 2025: Seven Cybersecurity Predictions to Stay Ahead of Emerging Threats

AI agents will proliferate

We expect to see more AI agents perform specific tasks with high proficiency, enabling more tailored and robust AI applications. As AI systems mature, we will see an increase in AI brokers: intermediaries that combine various AI agents to deliver more comprehensive, versatile solutions. 

AI will become more embedded into everyday endpoint devices

With Microsoft’s 2nd Wave and Apple AI set to launch at the end of this year, AI will become more embedded into everyday endpoint devices, transforming the way average users interact with technology. As out-of-the-box AI features become standard in Windows, Mac, and mobile devices, users will be able to harness capabilities like real-time analytics, personalised insights, and task automation directly on their devices for work.

There will be an acceleration of attacks on AI 

Many of the current AI models and implementations may not have been designed with adequate security protection and guardrails. This has allowed many cyber attackers to poison data or circumvent AI system guardrails. Furthermore, attackers are using AI to launch more sophisticated social engineering (such as deepfake) and fraud campaigns. Organisations must prioritise stronger security measures and embed security frameworks directly into AI models to mitigate these risks. 

Machine identity security programs will become essential for modern enterprises in 2025 

Attackers are increasingly zeroing in on machine identities, particularly in cloud-native and development environments. As digital certificate lifespans shrink (from 398 days to 90 days for Google and 398 days to 45 days for Apple by 2027), organisations that rely on manual certificate lifecycle management processes could face a higher risk of outages and security risks if they do not create dedicated Machine Identity Security programs. Machine identities can support organisations through automated certificate lifecycle management to ensure seamless continuity and compliance.

Adversaries will increasingly target cloud-native environments by exploiting machine identities

Cloud-native and developer environments will become even bigger targets due to the surge in machine identities – such as cloud access tokens, API keys and service accounts. Machine identities now outnumber human identities by 45 to 1, and this gap is expected to widen, set to reach 100 to 1 soon. 

Post-quantum readiness will become a pivotal focus for businesses

In the coming year, companies will start replacing untrusted certificate authorities (CAs) as part of their transition to quantum-resilient systems. Through integrated solutions, security teams should streamline securing machine identities and lay a strong foundation for a successful migration to a post-quantum future.

Organisations will have an increased focus on resiliency and vendor risk management

Following high-profile outages from major vendors, there will be a growing demand and need to achieve organisational resiliency and lower risk. In 2025 and 2026, businesses will demand greater transparency and assurances from vendors, moving toward resilient, multi-cloud or hybrid architectures to reduce downtime and dependency on single providers.

– Jeffrey Kok, VP of Solution Engineers for Asia Pacific and Japan, CyberArk

————————————————————————————————————

In 2025, deepfake technology will likely be one of the most concerning cybersecurity challenges worldwide. This AI-powered threat will enable increasingly sophisticated social engineering attacks, bypassing traditional detection systems and exploiting human vulnerabilities. We anticipate a surge in insider threats, with deepfake-generated “employees” infiltrating organisations to steal data or execute ransomware schemes.

The role of AI in this landscape will be a vital defence mechanism. AI-powered resilience frameworks that allow organisations to adapt dynamically to complex threats will be crucial in the AI arms race against bad actors. Next year, developers will work with AI to increasingly enhance detection, enabling real-time adjustments to secure data flows and protect sensitive systems.

To further combat deepfake-driven attacks, businesses will start to adopt advanced identity verification strategies, like behavioural analysis and contextual authentication, that go beyond traditional passwords and biometrics. Predictive AI capable of evaluating both technical systems and human behaviours will help organisations adapt swiftly to emerging threats. The future of cybersecurity lies in building agile AI-enhanced defences that address both technical and human vulnerabilities head-on.

– Stewart Garrett, Regional Vice President, ASEAN & Japan, MongoDB

————————————————————————————————————

Generative AI will lead to a rise in traditional fraud schemes

A new wave of traditional fraud is coming at us full steam ahead. With generative AI easily accessible to hackers, we’re going to see more impersonation tactics posing a huge threat to our society. Hackers are quickly becoming more proficient in identifying vulnerable attack surfaces, and the human element is one of the biggest. For example, we can expect there to be more impersonations of police officers or high-ranking C-suite from Fortune 500 companies being generated by GenAI in efforts to gain access to login credentials, PII and more. As we enter 2025, there will be a bigger emphasis on identity protection measures as we learn to contend with impersonation issues. This means having stronger authentication methods like MFA and IAM tools that check for abnormalities for where and when credentials are being used and what they are trying to access. Leaning into these tools will be critical in combating this new wave of traditional fraud we will likely see ahead.

Increased focus from private industry on bolstering cyber defence measures

With more aggressive nation-state hacking, advanced persistent threats, and coordinated infrastructure attacks, it’s clear that cyberattacks are more often disrupting our economy, and more industries are recognising that they have targets on their backs. In 2025, we will see the private sector start to continually work to get involved in efforts to boost information sharing to help industries get ahead of attacks amid rising geopolitical tensions. With more industry participation in ISACs (Information Sharing and Analysis Systems), we’ll see a bigger effort in fostering a proactive cybersecurity culture, further enabling organizations to share information, resources and ultimately stronger defenses.

– Mark Bowling, Chief Information Security and Risk Officer, ExtraHop

Ransomware is becoming more complex

Geopolitical tensions are escalating globally and as a result, cyber warfare experts are predicting intensifying ransomware attacks in the near-term. Further exacerbated by a business climate in which most organisations are paying the ransom, there is no indication these attacks will slow down. The cybercrime gang Scattered Spider proved to be a sophisticated threat this past year, using modern techniques such as auto-generation of phishing pages to target financial institutions for lucrative ransom payouts. The group and other ransomware threat actors are considered experts in social engineering, finding success in using techniques like phishing, push bombing, and subscriber identity module (SIM) swap attacks to obtain credentials and gain access to an organisation’s network. These social engineering attacks will only grow more complex as adversaries leverage AI and ML to be more convincing and evade existing controls. It’s up to organisations to improve their security posture and build resilience against these increasingly complex threats.

– Simon Howe, Area Vice President, ANZ, ExtraHop

————————————————————————————————————

Democratising cybersecurity

Per PWC, “The number of mega breaches experienced by Asia-Pacific organisations in the past three years has risen considerably: in 2023, 35% of organisations say they have experienced data breaches costing anywhere from US$1m to US$20m over the last three years.” This highlights how managing cyber risk at all levels of the workforce—and not restricting it to just the top organisational level—should be a priority for security leaders in 2025. This involves the democratisation of cybersecurity, which essentially makes everyone in an organisation responsible for its defence. Organisations stand to benefit from proactive security management, increased cyber resilience, cost savings, increased efficiency, and innovation in security practices. Organisations should ensure employees undergo dedicated continuous security engagement programs. Since the biggest challenge to democratising security is poorly equipped employees and ill-defined processes, organisations should also ensure that employees only have limited access to self-service tools and services.

– Rajesh Ganesan, President, ManageEngine

————————————————————————————————————

2025 isn’t the year to hope for the best—it’s the year to prepare for the worst. Cyberattacks have become a relentless certainty with ransomware already accounting for 11% of all cyber incidents, and with the nation’s new Cyber Security Act mandating ransomware payment disclosures within 72 hours, the stakes have never been higher. Boards now face an unenviable balancing act—pay a ransom and risk reputational, governance, and financial damage, or refuse and grapple with operational paralysis. 

In response, under the nation’s Cyber Security Act, the new Cyber Incident Review Board (CIRB) looks to offer a glimmer of hope. These no-blame panels promise to turn hindsight into actionable foresight, dissecting breaches to uncover lessons that could reshape how we respond to cyber threats, meaning we could see CIRB’s findings influence not just future national policy but also reshape how organisations strategise, mitigate risk, and recover.

For organisations, however, this past year has sent a clear message: the dream of tech consolidation, betting it all on one provider, doesn’t just limit innovation—it raises costs, reduces productivity, and ultimately magnifies risk. We’ll see organisations shed the illusion of IT consolidation and embrace a best-of-breed approach with vendors at the big end of town forced to follow suit or be rapidly left behind. Flexible, open architectures allow businesses to sidestep sub-par solutions, perform at their best, and defend their operations with the right tools for them. This shift won’t just be about patching vulnerabilities—it’ll be about creating systems that thrive under pressure, adapt on demand, and bounce back stronger than ever.

– Peter Lees, Head of Solution Architecture APAC at SUSE

————————————————————————————————————

2025 will be a pivotal year for Internet of Things (IoT) security driven by multiple certification programs including the U.S. Cyber Trust Mark, CSA Verified, and EU RED addendum. These initiatives aim to help secure billions of IoT devices along with associated apps and platforms targeted by threat actors across homes, businesses, and critical infrastructure. A recent report found that an astounding 99 per cent of exploitation attempts on IoT devices use previously known and fixed vulnerabilities (CVEs). 

While these initial efforts to establish security guidelines and basic requirements for IoT manufacturers are a significant step forward, it will take years—and multiple revisions—before they evolve into standards capable of addressing the full scale of today’s security challenges.

The private sector will play a critical role in this journey through policy workshops, collaboration with governments, and ongoing research, helping to set industry benchmarks that will complement formal security frameworks and standards.

– Dan Berte, director of IoT security, Bitdefender

————————————————————————————————————

2024’s going down in the history books as one of the most eventful years in cybersecurity to date. Cohesity’s intent to acquire Veritas’ data business is just one example of a year filled with industry-changing acquisitions, long-awaited IPOs, massive venture capital investments, and big takedown moments that had the everyday consumer talking about enterprise security. All of this occurred alongside economic ups and downs and market uncertainty.

As I look to 2025, I expect to see a couple of things:

  • Profitability is the number one signifier of durability, and in 2025, those who prioritise profitability will be far better set up for long-term success. Selecting a security partner is far too important for customers to place their trust in a company that won’t be around in five years. They need a partner that’s reliable, responsible, and durable when things get difficult, and that means focusing on future-proofing and building a company to last. I acknowledge this is not an easy goal to achieve. It requires discipline and consistency among all parties from C-level executives to board members to investors. However, if achieved, customers will take notice.
  • 2025 will be the year companies go beyond experimenting with AI and fully integrate it across core business functions, driving meaningful productivity gains and cost savings across the board. We’ll see AI-empowered cybersecurity processes proactively detect and respond to threats in real-time, minimizing downtime and protecting data more effectively than ever. This approach of embedding AI into every layer of operations will not just reduce operational costs, but will fundamentally transform how companies operate in today’s digital-first world.

– Sanjay Poonen, CEO and President, Cohesity

————————————————————————————————————

Vendor lock-in is a crutch that will lead to increasing breaches in 2025 – organisations must start their security transformation journeys. 

The deeply rooted foothold that vendors have in organizations’ environments has become one of the main drivers of complexity. The bottom line is that complexity creates chaos, and chaos distracts from the real priorities when it comes to securing an organization. Being held hostage by a vendor, to a point where moving off of them seems impossible, is the moment they begin to help shift the balance of power back in favor of threat actors. The hyper-focus on “digital transformation” over the past few years – implementing a myriad of new tools and vendors across the organisation to rapidly innovate – has left security in the dark. In 2025, we will feel the full weight of having fallen victim to the cycle: shiny new tools, Wall Street’s buy-in, rush to implement, repeat. We must now shift focus to “security transformation,” and begin to remove the tools and vendors that are causing complexity vs. furthering innovation. 

In 2025, disinformation will transcend the Internet and social media, and move to poison and taint AI models. 

Information sharing is an order of magnitude faster and more efficient than ever before. And in the world of AI, data is the only currency and organisations that have the most will win – but quantity doesn’t always equal quality. AI on its own will not solve the world’s most critical problems. The successful implementation and use of AI depends on data. But as disinformation continues to plague society, it will begin to trickle into AI models that are critical to making decisions – e.g., calculating goods needed to restock grocery store shelves, diagnosing sick patients, or analyzing market trends to share financial risks with bankers.

Broad brush cyber regulations legislated with good intent will have a reverse effect in 2025 – creating complexity and having no real impact on stopping attacks. 

In the past few years we have witnessed a cadence of record-shattering, significant breaches that have drawn the eye of regulators. But while their attempts to raise the security resiliency of organisations are aimed to be helpful, they are often knee-jerk reactions that require unrealistic efforts. This is a complete misstep, with much of today’s regulatory efforts ineffective and not focused on the most critical aspects of security controls. Regulators still fail to recognize what will make the biggest difference in moving the needle towards immutable infrastructure.

– Grant Bourzikas, Chief Security Officer, Cloudflare

————————————————————————————————————

In 2025, the urgency of cybersecurity threats will continue to loom over cloud environments, posing a significant challenge in maintaining access to such environments and sensitive credentials. Exposed, reused, and leaked credentials will serve as the gateway for many adversarial groups to gain initial access to environments. Malicious players will intensify their focus on defence evasion tactics, striving to evade detection for as long as possible to execute their objectives.

Businesses must remain vigilant and proactive, ensuring their teams are well-versed in sound cybersecurity hygiene, communicating emerging risks between teams and leadership groups, configuring security for their cloud environments, and investigating threats that align with their environment, whether it’s the cloud, Windows, Mac, or Linux. 

Generative artificial intelligence (GenAI) will play a pivotal role in automating security workloads, empowering cybersecurity teams to effectively combat the growing threats. In 2024, the volume and velocity of cyber-attacks outpaced many teams’ response capabilities, but with GenAI, we can look towards a more secure future. 

– Jake King, Head of Threat & Security Intelligence, Elastic

————————————————————————————————————

Ubiquitous AI in Security Operations

While AI has become common in tools like SIEM and UEBA, 2025 will see generative AI augmenting nearly every layer of cybersecurity, from endpoint protection to threat intelligence. The ubiquity of these systems will enable a much more dynamic and resilient security posture, able to address complex threat landscapes with speed and precision. Organizations should invest now in AI security certifications and frameworks, positioning themselves to meet emerging regulatory and compliance requirements around AI in cybersecurity. This foundation will be key as more AI systems are integrated across security architectures.

Enhanced Defensive Capabilities with AI-Powered Copilots

On the defensive front, AI copilots will become indispensable in cybersecurity operations, speeding up threat detection, investigation, and response. By 2025, every cybersecurity operator will likely be equipped with a generative AI copilot, streamlining complex analyses and providing actionable insights in real-time. Companies should prepare to integrate these copilots, ensuring interoperability with existing security infrastructure and training operators to collaborate effectively with AI assistance. This dual human-AI approach will elevate response speed and precision, especially in high-stakes incidents.

– Steve Wilson, Chief Product Officer, Exabeam

————————————————————————————————————

Strategic Incident Prevention and Response Planning with Early Warning

Organisations are increasingly focusing on early warning strategies to detect and prevent threats before they materialise. By leveraging actionable intelligence, they can proactively address common vulnerabilities, reducing the likelihood of attacks at their source. Identifying the root weaknesses behind these vulnerabilities and addressing them comprehensively allows organisations to prevent entire categories of similar attacks. For instance, many organisations employ multi-factor authentication (MFA) to prevent account takeover attacks, exemplifying a “left of boom” approach.

In military terms, “left of boom” refers to actions taken to disrupt adversary plans before an explosive event occurs. In cybersecurity, it signifies a proactive stance to detect and mitigate threats before they penetrate defences. 

Rise of Detection-as-Code

Today’s Security Operations Center (SOC) detections often lack robust validation for accuracy, resulting in limited effectiveness against real threats. This is largely due to the ad-hoc implementation of detection processes, where rules are hastily added to SIEM systems without rigorous testing. However, by 2025, the widespread adoption of detection-as-code (DaC) is expected to transform SOC capabilities. This methodology will allow SOC teams to program, version control, and deploy detection logic with the precision and efficiency of continuous integration/continuous delivery (CI/CD) pipelines in software development.

AI Arms Race in Cybersecurity

The race to leverage AI in cybersecurity continues, with threat actors and defenders alike deploying AI-driven systems. AI-powered tools will be essential for detecting and countering threats in real time, necessitating continuous input from real-world asset exposure data to maintain efficacy.

Synthetic Data for AI Training

In 2025, the growing concerns around data privacy and regulatory constraints will drive a significant increase in the use of synthetic data for training AI models in cybersecurity. Synthetic data will enable AI systems to learn patterns, detect threats, and improve defenses without accessing sensitive or personally identifiable information (PII). This approach ensures compliance with privacy laws like GDPR while allowing for robust AI-driven security measures to be developed.

Open Source Software Libraries

Open-source software libraries will remain a prime target for threat actors, as they are integral to many commercial and enterprise applications. The inherent transparency of these libraries offers attackers an accessible entry point to exploit vulnerabilities, insert malicious code, or compromise supply chains. As dependency on open-source components grows, securing these libraries becomes paramount. 

SOAR with AI: The Future of Cybersecurity Operations

The promise of SOAR (Security Orchestration, Automation, and Response) has been significant in streamlining cybersecurity operations. However, it has yet to fully deliver on its potential. The integration of AI into SOAR platforms promises to revolutionise this landscape, transforming these systems into the intelligent, responsive tools they were always envisioned to be. By utilising AI for dynamic and adaptive defense strategies, SOAR can enhance its capabilities to automate complex threat detection, analysis, and response processes with unprecedented efficiency and precision.

– Andrew Grealy, Head of Armis Labs, and Michael Freeman, Head of Threat Intelligence, Armis
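
The workflow described under “Rise of Detection-as-Code”, as an added example that is not Armis code or any SIEM vendor's format: a rule is kept as version-controlled data next to labelled sample events, and a CI gate refuses to deploy it unless every sample is classified correctly. The rule schema, the field names, the MFA-denial rule chosen for illustration and all sample events are constructed assumptions.

```python
"""Detection-as-code sketch: the rule is data, its fixtures are tests, CI gates deployment."""
from dataclasses import dataclass, field


@dataclass
class Rule:
    rule_id: str
    version: int
    match: dict        # field name -> set of accepted lower-case values (all must match)
    threshold: int     # matching events per user needed to alert
    window_s: int      # ...within this many seconds
    fixtures: list = field(default_factory=list)  # (events, expect_alert) pairs


def evaluate(rule, events):
    """Return the sorted list of users for whom the rule fires on this event stream."""
    hits = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if all(str(ev.get(k, "")).lower() in v for k, v in rule.match.items()):
            hits.setdefault(ev["user"], []).append(ev["ts"])
    alerted = set()
    for user, stamps in hits.items():
        start = 0  # left edge of a sliding window over sorted timestamps
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > rule.window_s:
                start += 1
            if end - start + 1 >= rule.threshold:
                alerted.add(user)
                break
    return sorted(alerted)


def ci_gate(rule):
    """Run every fixture; return (deployable, failures). CI blocks the merge on failures."""
    failures = []
    for i, (events, expect_alert) in enumerate(rule.fixtures):
        fired = bool(evaluate(rule, events))
        if fired != expect_alert:
            failures.append(f"{rule.rule_id} v{rule.version} fixture {i}: "
                            f"expected alert={expect_alert}, got {fired}")
    return (not failures, failures)


# --- Constructed sample data (hypothetical log schema) ---
def mfa(ts, user, result):
    return {"ts": ts, "user": user, "event": "mfa_push", "result": result}


# True positive: five denied pushes for one user within 90 seconds.
BURST = [mfa(t, "alice", "DENIED") for t in (0, 20, 45, 70, 90)]
# True negative: occasional denials hours apart, then an approval.
NORMAL = [mfa(0, "bob", "denied"), mfa(4000, "bob", "denied"), mfa(9000, "bob", "approved")]
FIXTURES = [(BURST, True), (NORMAL, False)]

MATCH = {"event": {"mfa_push"}, "result": {"denied"}}
# v1 was added in a hurry with a 60 s window and misses the 90 s burst;
# v2 is the reviewed change that widens the window.
HASTY = Rule("mfa-denial-burst", 1, MATCH, threshold=5, window_s=60, fixtures=FIXTURES)
REVIEWED = Rule("mfa-denial-burst", 2, MATCH, threshold=5, window_s=120, fixtures=FIXTURES)

if __name__ == "__main__":
    for rule in (HASTY, REVIEWED):
        ok, failures = ci_gate(rule)
        print(rule.rule_id, f"v{rule.version}", "DEPLOY" if ok else "BLOCKED", failures)
```

Because the fixtures travel with the rule, any later edit to the threshold or match conditions is re-validated against the same known-good and known-bad samples before it reaches the SIEM.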

————————————————————————————————————

Phishing kits will get trickier

Phishing continues to be an effective method for identity-based attacks, and we don’t expect that to change just yet. In fact, we’re increasingly seeing scammers using advanced phishing kits — virtual toolboxes of resources designed to make attacks much easier to launch and repeat.

In 2025, these kits will evolve to make phishing even harder to detect. For example, some kits are now able to bypass impossible travel flags, using residential proxies to spoof the real user’s location. 

To combat tactics like these, we strongly recommend that organizations adopt phishing-resistant authentication and block requests from anonymizing services.

Device-based attacks will make a comeback

We’re already seeing a shift to device-based attacks, with hackers working to compromise users’ phones, laptops, and networks. They might trick a user into installing malware, for example, and then steal their login credentials so they can access sensitive systems and data within the user’s company, or they’ll initiate a cross-device authentication attack, setting up a connection between their own device and the one they’ve just compromised so they can forward authentication requests to themselves and impersonate that user to gain access.

By establishing device trust, organizations can thwart device-based attacks by ensuring only authorized people and technology can access specific resources. By integrating with endpoint detection and response (EDR) services, you can protect against threats like malware and ransomware thanks to always-on monitoring of end users’ devices.

Downgrade attacks will continue surging

In 2024 we’ve seen an upswing in downgrade attacks, in which an initial tactic causes a targeted system to switch to a less-secure mode of operation, making it more vulnerable to a follow-on attack. 

Downgrade attacks can compel users to abandon phishing-resistant authentication methods for less secure ones. For example, an attack might come in the form of an SMS message asking a user to disconnect the YubiKey from their laptop. Or a call from someone pretending to be on the user’s IT team, asking them to remove a security factor from their account.

We expect downgrade attacks to continue posing a significant security threat in 2025. Again, while implementing secure processes and procedures is critical, employees also play an important role. Teach them to be wary of social engineering attacks, and to never provide passwords or codes over channels like SMS. 

GenAI will pose new challenges

This year alone, we’ve seen several stories of scammers using deepfake videos of C-suite leaders to trick employees into transferring money or sharing sensitive information. In 2025 we should expect to see more deepfakes go real time, with audio and video generated on the fly to mimic real conversations. 

Business processes must evolve to mitigate the impact of threats like these. Employees could be encouraged to start using code words or safe phrases to confirm each other’s authenticity. Companies should create a culture where they feel empowered to push back when they feel like leaders are making unreasonable, potentially suspicious requests.

– Brett Winterford, Regional Chief Security Officer, Asia Pacific & Japan, Okta
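
The impossible-travel limitation and the countermeasures named under “Phishing kits will get trickier” and “Device-based attacks will make a comeback”, as an added example that is not Okta's code: a speed-based check over consecutive sign-ins, combined with an anonymizing-service flag and a device-recognition check. The event fields, the 900 km/h ceiling, the `anonymizer` flag (assumed to come from an IP-reputation feed) and the sample sign-ins are constructed assumptions.

```python
import math

MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruise speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = p2 - p1
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def impossible_travel(prev, cur):
    """True when the implied speed between two sign-ins exceeds MAX_KMH."""
    dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
    hours = (cur["ts"] - prev["ts"]) / 3600.0
    if hours <= 0:
        return dist > 50.0  # simultaneous sign-ins from clearly different places
    return dist / hours > MAX_KMH


def assess(history, cur):
    """Return the reasons to step up or deny this sign-in (empty list = no signal)."""
    reasons = []
    if history and impossible_travel(history[-1], cur):
        reasons.append("impossible_travel")
    if cur.get("anonymizer"):
        reasons.append("anonymizing_service")
    known_devices = {e["device"] for e in history}
    if history and cur["device"] not in known_devices:
        reasons.append("unrecognised_device")
    return reasons


# --- Constructed sign-in events (hypothetical schema; ts in seconds) ---
HOME = {"ts": 0, "lat": -33.87, "lon": 151.21, "device": "laptop-1", "anonymizer": False}
# One hour later from another continent: geolocation alone catches this.
FAR = {"ts": 3600, "lat": 50.11, "lon": 8.68, "device": "unknown-3", "anonymizer": False}
# One hour later through a residential proxy geolocated about 20 km from the user:
# the speed check sees nothing unusual, so the other two signals have to carry it.
PROXIED = {"ts": 3600, "lat": -33.80, "lon": 151.00, "device": "unknown-7", "anonymizer": True}
# Three hours later, the same laptop in another city after a plausible trip.
LEGIT = {"ts": 10800, "lat": -37.81, "lon": 144.96, "device": "laptop-1", "anonymizer": False}

if __name__ == "__main__":
    for name, ev in (("far", FAR), ("proxied", PROXIED), ("legit", LEGIT)):
        print(name, assess([HOME], ev))
```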

————————————————————————————————————

AI in Cyberattacks – Subtle but Significant Impact Will Persist in 2025

Despite initial concerns about AI’s transformative threat in cybersecurity, we’re seeing that its role in cyberattacks has been more supportive than groundbreaking. Generative AI has become a tool for attackers, yet its applications are still limited to simpler, lower-level tasks. For example, AI is frequently used to overcome language barriers and craft convincing phishing emails, sift through large data sets for sensitive information, and perform repetitive tasks, allowing attackers to scale their efforts without increasing resources. However, these tactics remain human-driven, with AI enhancing rather than leading the charge.

In 2025, AI’s role in cyberattacks will likely remain “subtle but significant.” AI may help threat actors evade detection with minor variations in malware or generate realistic content for social engineering, but the expected surge in complex, autonomous AI-driven attacks hasn’t yet materialized, and I don’t think we should expect it yet. Instead, we should expect threat actors to keep utilising their tried and true methodologies, now augmented with AI for efficiency.

– Jason Mar-Tang, Field CISO, Pentera

————————————————————————————————————

Transforming Security and Cross-border Transactions

Blockchain technology is set to revolutionise cross-border payments and security. Research showed that in the Asia-Pacific region, where cross-border transactions are essential, 84% of people and businesses would send money more often if the process were easier and less costly.

Central Bank Digital Currencies (CBDCs), built on blockchain, represent the next frontier in global finance. Over 100 CBDC projects are under development worldwide, many in APAC, focusing on enhancing payment efficiency and financial inclusion. For example, Vietnam has partnered with five ASEAN countries to create a cross-border payment system powered by blockchain, enabling faster, more affordable transactions.

Blockchain adoption can reduce processing times by up to 80% and lower transaction costs, currently averaging 3-5% for cross-border payments. This technology supports financial inclusion and helps simplify international trade, particularly in emerging markets.

– Pramod Kumar, Head of Business (APAC), Newgen Software

————————————————————————————————————

Trust is the cornerstone of any customer relationship: The value-conscious consumers of today expect more than just products or services – they demand secure, reliable payment experiences that tag along each transaction. In response to the surge of sophisticated scams we’ve witnessed over the past year, it’s more important now than ever for B2C businesses to reassess their risk management strategies.

However, given the diverse risks businesses face, a one-size-fits-all approach to payments risk management is insufficient, especially in an increasingly competitive landscape:

  • Adopting a unified approach to optimise risk management: In an increasingly high-stakes environment, viewing risk management as an afterthought or a siloed function is no longer viable. As fraudsters consistently develop new tactics to exploit vulnerabilities in the system, businesses must move beyond traditional methods to adopt a holistic approach where risk management is embedded into every layer of their operations. This approach creates a connected ecosystem where payments, data and customer interactions are fully integrated, allowing businesses to prevent, detect and respond to fraud.
  • Fostering trust through customer-centric strategies: Beyond integrating risk management strategies to maintain customer trust, businesses should create an environment where customers feel protected and valued, even as fraud evolves to take on more varied and elusive forms. One way is through making the entire online payments process as optimised as possible, minimising any real or perceived threats that customers face when making payments. From offering customers the payment methods they know and trust to hosting the payment process on your website instead of diverting customers to a third-party gateway – these touchpoints will help build trust among customers by ensuring that they’re comfortable enough to proceed with a purchase.

Ultimately, businesses need to look towards a nuanced approach to risk management in the coming year, prioritising trust and the customer experience. By integrating a robust risk management solution and customising a risk strategy that is suited to their specific business needs, businesses will be able to stay ahead in an increasingly competitive landscape.

– Ben Wong, General Manager of SEA and Hong Kong, Adyen