Involving 14 of the 51 countries in the region, the survey examined ransomware, AI and downstream impacts of cyber incidents

Based on a June 2024 online survey conducted across a total of 3,844 cybersecurity decision-makers and leaders* organisations in 14 markets across the Asia Pacific region^ to under the threat landscape facing Chief Information Security Officers (CISOs) and their teams, some findings were announced by a connectivity cloud firm.

First, 41% of respondents had indicated experiencing a data breach in the past 12 months, with 47% indicating experiencing more than 10 data breaches. Ranked by industry, those from Construction and Real Estate (56%) topped the incidence rate, followed by those in Travel and Tourism (51%), and Financial Services (51%). Ranked by type, the information most frequently targeted was customer data (67%), user access credentials (58%), and financial data (55%).

Second, 87% of respondents indicated they were concerned about AI increasing the sophistication and severity of data breaches. Some 50% of respondents indicated they were anticipating AI to be used to crack passwords or encryption codes. Additionally, 47% cited beliefs that AI will enhance phishing and social engineering attacks, while 44% expected it to advance DDoS attacks. Lastly, 40% indicated beliefs that AI is playing a role in creating deepfakes and facilitating privacy breaches.

Other findings

Third, 70% of respondents indicated their organizations were adapting various operations to the impact of AI: governance and regulatory compliance (40%), cybersecurity strategy (39%), and vendor engagement (36%). Top priorities indicated in the responses included hiring generative AI analysts (45%), investing in threat detection and response systems (40%), and enhancing Security Information and Event Management systems (40%). Also:

  • 70% of respondents had publicly vowed not to pay ransoms, but 62% of those who experienced ransomware attacks cited actually paying the ransom.
  • 69% of Indian respondents were likely to pay ransoms, followed by 67% in Hong Kong, 50% in Malaysia, and 50% in Indonesia. The least likely to pay were 19% in South Korea, followed by 19% in Japan and 22% in New Zealand.
  • 47% of respondents cited a compromised Remote Desktop Protocol or VPN server as the means of entry — the most commonly cited attack vector.
  • 43% of respondents indicated they spend more than 5% of their IT budget to address regulatory and compliance requirements; 48% reported spending over 10% of their work week keeping pace with industry regulatory and certification requirements. Positive impacts from these practices cited by respondents included improving organizations’ baseline privacy and/or security levels (59%), improving the integrity of technology and data (57%), and enhancing organizations’ reputation and brand (53%).

According to Grant Bourzikas, Chief Security Officer, Cloudflare, the firm that commissioned the survey, respondents were facing “growing pressure from cyberattacks, stricter regulations, and limited resources. To protect their organizations, they must constantly assess talent, budgets, and solutions.”

*from small (250 – 999 employees), medium (1,000 – 2499 employees), and large (more than 2,500 employees) organization in Business & Professional Services; Construction & Real Estate; Education; Energy, Utilities & Natural Resources; Engineering & Automotive, Financial Services; Gaming; Government; Healthcare; IT & Technology; Manufacturing; Media & Telecoms; Retail; Transportation; Travel, Tourism & Hospitality.

^Australia, China, Hong Kong SAR, India, Indonesia, Japan, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Taiwan, Thailand, and Vietnam (n=201 to 405 per country)