Cloudflare’s new study focusing on cybersecurity in Asia Pacific found that 87 per cent of cybersecurity leaders are concerned about AI increasing the sophistication and severity of data breaches.
The report, called “Navigating the New Security Landscape: Asia Pacific Cybersecurity Readiness Survey,” shared the latest data on cybersecurity preparedness in the region, revealing how organisations are coping with ransomware, data breaches, and complexities brought about by AI.
“Cybersecurity leaders face growing pressure from cyberattacks, stricter regulations, and limited resources. To protect their organisations, they must constantly assess talent, budgets, and solutions,” said Grant Bourzikas, chief security officer at Cloudflare.
Data Breaches on the Rise: How Companies Are Paying the Price
The survey found that 41 per cent of respondents across Asia Pacific said their organisation experienced a data breach in the past 12 months, with 47 per cent indicating they suffered from more than 10 data breaches.
Of these, the industries that experienced the most data breaches included construction and real estate (56 per cent), travel and tourism (51 per cent), and financial services (51 per cent). Threat actors most frequently target customer data (67 per cent), user access credentials (58 per cent), and financial data (55 per cent). Furthermore, the study reveals that 87 per cent of respondents are concerned about AI increasing the sophistication and severity of data breaches.
AI: Changing the Threat Landscape
While AI boosts organisational efficiency, many fear that cybercriminals will increasingly exploit this technology, with 50 per cent of our respondents anticipating AI will be used to crack passwords or encryption codes. Additionally, 47 per cent believe AI will enhance phishing and social engineering attacks, while 44 per cent expect it to advance DDoS attacks. Lastly, 40 per cent foresee AI playing a role in creating deepfakes and facilitating privacy breaches.
Facing these evolving and diverse threats, 70 per cent of respondents report their organisations are adapting how they operate. Key areas impacted by AI include governance and regulatory compliance (40 per cent), cybersecurity strategy (39 per cent), and vendor engagement (36 per cent). Cybersecurity leaders are gearing up to tackle AI-driven risks, with every respondent expecting to deploy at least one AI-related security tool or measure.
Top priorities include hiring generative AI analysts (45 per cent), investing in threat detection and response systems (40 per cent), and enhancing SIEM systems (40 per cent). IT vendors remain critical, as 66 per cent of respondents have already sought AI solutions from them.
Ransomware: A Rising Threat in Asia Pacific
Ransomware remains a growing concern across the entire region. The study reveals that 62 per cent of organisations hit by ransomware paid the ransom, even though 70 per cent had publicly vowed not to. Overall, a compromised Remote Desktop Protocol or VPN server (47 per cent) proved to be the most common means of entry by threat actors.
There are significant variations across the region, though, with organisations in India (69 per cent), Hong Kong (67 per cent), Malaysia (50 per cent), and Indonesia (50 per cent) are most likely to pay ransoms, while South Korea (19 per cent), Japan (19 per cent), and New Zealand (22 per cent) are the least likely to give in to ransomware demands.
Rising Regulatory Demands: Consuming Time and Resources
“Regulation” and “compliance” also emerged as important themes in the study. The survey shows that 43 per cent of respondents said they spend more than 5 per cent of their IT budget to address regulatory and compliance requirements.
In addition, 48 per cent of respondents reported spending more than 10 per cent of their work week keeping pace with industry regulatory and certification requirements. However, this investment in regulatory compliance has had a positive impact on businesses, such as improving organisation’s baseline privacy and/or security levels (59 per cent), improving the integrity of organisation’s technology and data (57 per cent), and improving the organisation’s reputation and brand (53 per cent).
The survey was conducted across a total of 3,844 cybersecurity decision-makers and leaders from small (250 to 999 employees), medium (1,000 to 2499 employees), and large (more than 2,500 employees) organisations. Respondents were drawn from a wide range of industries: business & professional services; construction & real estate; education; energy, utilities & natural resources; engineering & automotive, financial services; gaming; government; healthcare; IT & technology; manufacturing; media & telecoms; retail; transportation; travel, tourism & hospitality. Respondents were based in 14 markets across Asia Pacific: Australia, China, Hong Kong SAR, India, Indonesia, Japan, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam, and were surveyed online and recruited via general business panels.