In the AI-versus-AI race in cybersecurity, all forms of AI – from machine learning to generative AI to agentic AI, and projecting to future quantum AI – form the arsenal on both sides of the war. Where does digital twin technology come in?

Southeast Asia’s booming digital economy has made it a prime target for increasingly sophisticated cyber-attacks.

Recent cases in 2025 — from malware scams causing $625,000 in losses last month to the rise of deepfake-enabled cybercrimes — highlight how cybercriminals continue to leverage AI to thwart traditional defenses and challenge the digital resilience of organizations and governments in this region.

Meanwhile, Southeast Asian organizations also have to balance innovation with security, ensuring that the new technologies they adopt don’t provide more risks than rewards.

With the stakes higher than ever, what would a proactive intelligent risk and security management approach look like? And what do digital twins have to do with it? We find out from David Ng, Managing Director, Singapore, Philippines and Indonesia, Trend Micro.

Why can’t current periodic risk assessments keep up with AI-powered adversaries?

Ng: Periodic risk assessments — static, point-in-time snapshots of an organization’s security posture — operate on the assumption that the threat landscape evolves gradually. However, that’s no longer the case.

AI has significantly accelerated the speed and scale of cyberattacks. Threat actors can now use automation to identify and exploit vulnerabilities within hours, making traditional quarterly or annual review cycles far too slow. This creates a dangerous lag between risk identification and mitigation — a lag that adversaries exploit mercilessly.

At the same time, AI has lowered the barriers to entry for cybercrime.  Even less-skilled cybercriminals can now deploy sophisticated phishing campaigns, deepfakes and adaptive malware at scale, customizing them to bypass defenses and target individuals precisely. Static assessments cannot capture or respond to such a fast-changing threat environment.

To stay ahead, organizations must shift from periodic risk assessments to proactive, continuous risk monitoring. By combining live telemetry, predictive analytics and AI-driven modelling, security teams can maintain real-time situational awareness and prioritize vulnerabilities dynamically. This shift enables constant adaptation to rapidly evolving threats.

How should organizations in Asia Pacific plan beyond cyber-defense, to ensure business resilience and continuity at scale?

Ng: For organizations across Asia Pacific (APAC), achieving resilience and continuity at scale begins with treating cybersecurity as a core element of business strategy, rather than an afterthought or standalone IT concern. It must be integrated into enterprise risk management, compliance, and strategic decision-making.

When embedded within core operations, cybersecurity becomes a driver of business confidence — enabling leaders to protect value, maintain trust, and sustain growth even amid disruption.

This strategic alignment also demands a fundamental mindset shift from reactive defense to proactive security. APAC organizations should not continue to operate in a constant state of firefighting, responding only after incidents occur.

Proactive security requires constant visibility across the digital footprint, understanding how assets, identities, and processes interconnect, and knowing where the most critical exposures lie.

Cyber Risk Exposure Management (CREM) enables this by providing a continuous process for discovering all assets, assessing their risk exposure, and prioritizing mitigation actions. By unifying visibility, prioritization, and intelligence across the enterprise, CREM empowers security teams to make informed, risk-based decisions in real time.

As AI continues to reshape APAC’s threat landscape, integrating CREM with AI-powered analytics and automation allows enterprises to proactively identify threats, reduce dwell time, and sustain business operations even under attack. In practice, resilience is no longer just about recovery, it’s about maintaining trust, protecting brand reputation, and ensuring operational continuity in the face of constant change.

What capabilities should proactive, intelligent risk and security management solutions have today?

Ng: Today’s intelligent risk and security management solutions must go beyond visibility and detection to deliver context, foresight, and autonomy. They should not simply tell organizations what is happening, but also why it matters and what to do next.

The first step is establishing a unified data foundation — one that consolidates telemetry from endpoints, networks, cloud environments, and identities into a single intelligence layer. This integration enables security teams to move from fragmented views to a real-time, contextual understanding of their digital ecosystem, where decisions are informed by impact and relevance rather than volume.

Next, organizations need the capability to anticipate risk through advanced modelling and continuous simulation. By safely replicating complex environments and testing defensive strategies, security teams can map potential attack paths, validate controls, and identify weaknesses before adversaries exploit them. This predictive insight marks a decisive shift from reactive assessment to proactive resilience.

Finally, the most forward-looking solutions harness adaptive automation and agentic decision-making to translate intelligence into action. By autonomously correlating data, prioritizing threats, and executing responses at speed, they amplify human capability and reduce operational burden.

How does Digital Twin technology address today’s cyberthreats?

Ng: Digital Twin technology represents a major evolution in proactive security, shifting organizations from static, reactive defenses to a dynamic, predictive model.

At its core, the approach uses agentic AI to create a high-fidelity, continuously updated simulation of an organization’s digital infrastructure — spanning on-premises, cloud, IT and OT environments.

This simulation allows security teams to safely test real-world cyber threats and assess defensive measures without any impact or disruption to live systems.  Within this virtual environment, AI agents can model adversary tactics and simulate attack scenarios to validate controls, test mitigation strategies, and uncover vulnerabilities long before a real incident occurs.

The result is a continuous cycle of adversary simulation and defensive validation, improving readiness and reducing exposure across complex, interdependent systems.

Digital Twin technology also underpins data-driven decision-making. Security leaders can introduce new tools or policies into the twin to see how they perform under realistic threat conditions. This allows for better-informed investment decisions and helps optimize business resilience by revealing how potential disruptions could ripple across IT and OT systems.

As AI accelerates attack sophistication, Digital Twin technology provides a controlled environment to anticipate and counter these evolving threats. By testing security assumptions against AI-driven tactics before they emerge in the wild, organizations can strengthen their resilience and maintain confidence in an increasingly unpredictable threat landscape.