Cybercrime is a trillion-dollar challenge to the Asia-Pacific and Japan (APJ) region, with cyberattacks escalating as businesses accelerate digital transformation. Identity-based attacks are now cybercriminals’ weapon of choice, exploiting outdated security measures and unprotected credentials.
Asia bears a significant financial burden, with cybercrime costing the region US$1 trillion annually, and organisations facing roughly 2510 weekly cyberattacks.
These incidents account for more than a third of reported cyberattacks, cementing Asia as a prime target. Singapore, in particular, remains highly vulnerable as cybercriminals exploit its status as a financial hub and open economy.
The fallout? Not just financial ruin. Business operations grind to a halt. Customer trust erodes. Regulators tighten their grip. Traditional security perimeters are no longer enough—organisations need a proactive, intelligence-driven defence strategy.
Asia is now a prime target for identity-based attacks
Asia’s rapid digitalisation and varying cybersecurity maturity levels have expanded the attack surface for cybercriminals, making the region a prime target for identity-based attacks. Additionally, the region's strategic importance in global trade, finance, and defence further incentivises threat actors to exploit identity vulnerabilities.
Active Directory (AD) is the world’s most popular identity system, and its core function is to authenticate and authorise users to a network. It was developed by Microsoft 25 years ago for Windows networks. Today, hundreds of millions of users globally rely on AD and it is compromised in approximately 90 percent of ransomware attacks.
Cybercriminals know which vulnerabilities to pursue. Instead of battering down the digital walls of enterprises, they slip in unnoticed, exploit Active Directory (AD) vulnerabilities, hijacking privileged accounts, and gain unchecked access to entire networks.
Consider the high-profile attack on Japan’s Space Exploration Agency (JAXA). By infiltrating AD systems, hackers bypassed traditional defences, operating undetected within critical infrastructure. This is the new reality: identity is the new perimeter. If organisations fail to secure it, they leave themselves highly vulnerable to cyber threats.
We need to rethink our approach to threat detection and response
With identity-based threats rising, IT leaders should strongly consider rethinking their approach and adopting an ‘assumed breach’ mindset, given that AD remains one of the most exploited entry points. Improving operational resilience to cyber threats should include having a robust backup and recovery plan in place as well.
At the same time, Zero-Trust security models are gaining momentum. Unlike traditional perimeter-based defences, Zero Trust assumes no user or system is inherently trustworthy. Organisations across APAC are increasingly adopting this model, with Singapore leading the charge by integrating AI-powered behavioural analysis into national cybersecurity frameworks.
Investment in cyber resilience is also accelerating, with 72 percent of Asia Pacific’s technology leaders prioritising cybersecurity investments in 2025. Organisations are shifting focus from reactive responses to proactive defence strategies that detect and neutralise threats before they escalate, signalling the region’s broader efforts to shore up its security posture.
The business case for a unified cybersecurity strategy
Financial losses from cyberattacks are not confined to a few organisations. Hundreds of entities in APJ - including governments, public and private sector companies, healthcare institutions, and critical infrastructure industries like electricity and power - face significant financial and operational damage.
This raises a crucial question: Can Asia adopt a unified, coordinated, region-wide cybersecurity strategy to combat these growing threats?
Here are the four pillars for consideration:
- Proactive detection, response, and recovery: A well-implemented Identity Thread Detection and Response (ITDR) strategy serves as a proactive shield against potential threats. By continuously monitoring and analysing user behaviours and access patterns, ITDR enables organisations to identify and neutralise threats before they escalate into significant breaches, which is instrumental in mitigating financial losses.
- Regulatory compliance through strong identity security: As cybersecurity regulations evolve across APJ, a unified cybersecurity strategy ensures that organisations remain compliant with these regulations, helping organisations avoid legal penalties, safeguard their reputation, and maintain trust among clients and partners.
- Streamlined access and security: Strengthening identity security reduces unauthorised access to critical systems while enabling employees to work efficiently without security-related disruptions.
- Upskilling the Workforce: Bridging the cybersecurity skills gap through initiatives like the APAC Cybersecurity Fund, which strengthens the cyber capabilities of underserved micro and small businesses, nonprofits, and social enterprises through tailored training programmes and cyber clinics, equipping vulnerable organisations with the knowledge, skills and resources needed to effectively defend against cyber risks.
By integrating key components such as Identity Thread Detection and Response, Zero-Trust principles, AI-driven analytics, and comprehensive security frameworks and capabilities, organisations can build a resilient digital ecosystem across Asia, with coordinated efforts crucial in safeguarding the region’s digital future.
- Gerry Sillars,Vice President, Asia Pacific and Japan at Semperis.
The road ahead for APAC organisations
Amidst escalating cybercrime, the region needs a unified cybersecurity strategy. Collaboration among governments, businesses, and security experts can help address the region’s cybersecurity challenges.
From proactive threat management and detection, enhanced security measures, and workforce upskilling, organisations can enhance long-term resilience to reduce financial losses, foster trust, and position the region for sustainable digital growth.
Initiatives like the APAC Cybersecurity Fund, which aims to strengthen the region’s cybersecurity ecosystem by equipping and upskilling small businesses and communities, are crucial in growing our regional resilience and narrowing the skills gap that exacerbates cyber threats.
Strengthening regional cybersecurity efforts is not just about mitigating risks, but also about unlocking new opportunities for growth and progress. By continuing to work together in the same spirit, Asia could save up to a trillion dollars annually, creating a more secure, resilient, and innovative digital economy.
The question remains: will organisations unite to protect their digital ecosystems, or will the cost of inaction erode the region’s resilience? What they do, or don’t do, will shape the future of cybersecurity in Asia and the global economy.
Gerry Sillars is Vice President, Asia Pacific and Japan at Semperis.
