For the new year, here are some more trends and predictions from cybersecurity experts across Asia Pacific.

Since December 2024, we have been featuring cybersecurity trends and predictions from Asia Pacific cybersecurity experts in our Expert Opinions and Tips sections.

Now that we are already in the middle of January 2025, here’s a feature article on more trends and predictions from experts surrounding the cyberthreat landscape and cyber-resiliency for the region.

Parvinder Walia, President of Asia Pacific & Japan (APJ), ESET:

With the anticipated geopolitical shifts in 2025, we foresee the possibility of social media and tech companies facing deregulation. This could result in a decline in content quality and a surge in AI-generated spam, scams, and phishing campaigns— exacerbating the trend that began emerging in 2024.

With the anticipated geopolitical shifts in 2025, we foresee the possibility of social media and tech companies facing deregulation. This could result in a decline in content quality and a surge in AI-generated spam, scams, and phishing campaigns— exacerbating the trend that began emerging in 2024.

We also expect an increase in the number of fake or duplicate accounts for celebrities and other public figures on social media. These malicious profiles will use deepfake videos and other AI-generated content to appear legitimate and trustworthy, thereby increasing the importance of authenticity verification tools like “verified” badges on social media.

Ransomware remains a key issue for businesses worldwide. The ESET Threat Report H2 2024 revealed ransomware-as-a-service (RaaS) as a lucrative market, with the group RansomHub leading the pack in the cybercriminal market.

Endpoint Detection and Response (EDR) killers are also increasingly common in ransomware attacks, and in 2025, cybercriminals are likely to refine these tools, making them more sophisticated and harder to detect. This trend reveals the critical role of security tools like EDR, which cybercriminals are determined to neutralize.

Business leaders need to remember that paying cybercriminals only fuels further cybercrime. Proactively implementing preventive measures is the best approach companies can take to protect themselves.

Gene Yu, Founder and CEO, Blackpanda:

The challenge of managing vulnerability gaps will become more complex as businesses adopt diverse technologies at an unprecedented pace. While the rise of AI and quantum computers hold the potential to improve efficiency and productivity, they are also tools for malicious actors to launch more sophisticated cyberattacks.

The future of cyber preparedness lies not only in advanced detection and response systems but in a proactive, collaborative approach to managing vulnerabilities. This applies not only at the organizational level, but also at the sectoral and national level.

Given the potential of cyber-attacks to disrupt business operations, the cyber insurance industry in APAC has seen monumental growth the past year. The cyber insurance market has been expanding at a rate of nearly 50% per year, now accounting for 7% of the global market as of the beginning of this year. We expect growth in this area to remain constant given the heightened risks brought about with rapid digitization across the region.

Rather than being just a way to compensate companies in the event of cyber-attacks, we see that cyber insurance will evolve beyond financial recovery into a strategic partner role, offering actionable intelligence that empowers businesses to fortify their defenses proactively to mitigate losses in the event of cyber incidents.

Christophe Barel, Managing Director APAC, FS-ISAC:

In 2025, emerging technologies will drive increasingly sophisticated cyber-attacks, fundamentally redefining the threat landscape across the global financial system.

Generative AI (GenAI) will play a central role, enabling threat actors to launch convincing phishing attacks, manipulate data in AI models for nefarious means, exploit cloud-specific vulnerabilities, and create fraudulent digital content, such as deepfakes, with unprecedented precision.

At the same time, the looming threat of quantum computing will challenge current encryption types, driving the industry to accelerate the adoption of post-quantum cryptographic (PQC) solutions.

The growth of ransomware-as-a-service (RaaS) and cybercrime-as-a-service (CaaS) enables even low-skill adversaries to access sophisticated attack toolkits. This will broaden the threat landscape and further escalate risks, allowing attack groups to become more specialized and targeted.

To proactively prepare for evolving and emerging threats, organizations need to elevate cyber resilience to a core ‘always-on’ necessity. As a first step, firms should ensure resilience is an essential strategic priority, and not just an operational concern.

Organizations should also establish proper policies and structures that foster a culture that is cyber-aware and implement cyber hygiene best practices to reinforce cyber resilience.

In the APAC region, both the sheer number and sophistication of cyberattacks are escalating rapidly, making collaboration – both within the industry and through public-private partnerships – a necessity. Intelligence sharing is critical to building collective resilience and safeguarding trust within the financial services sector.

Lorri Janssen-Anessi, Director of External Cyber Assessments, BlueVoyant:

Here are a few things that stood out for me in 2024:

An increase in creativity and sophistication by cyberthreat actors. AI has been increasingly leveraged lately by cyber threat actors in phishing attacks, social engineering, automated malware creation, assisting in the sophistication and believability of content, and to help make their tactics more precise and scalable.

Along the same line, cyberthreat actors continue to use Deepfakes in social media or low-level scams. I would not underestimate this tool. There has been increased believability and sophistication in not only the messaging and content of texts and emails but also in videos. The improvement in this capability has increased enough to fool even advanced security systems. We may see attacks leveraging deepfakes and synthetic identities to infiltrate organizations, resulting in a potential need for new identity verification protocols and anti-synthetic fraud technologies. 

An unfortunate trend is the continued shortage of cybersecurity talent. The demand for skilled cybersecurity professionals already outstrips supply, but if this gap grows further, we could see a critical shortfall in the coming years. Organizations could potentially respond by doubling down on automation and AI to fill gaps in threat monitoring and response, or by leaning on managed security service providers, potentially reshaping the industry’s workforce landscape.

One very positive win for 2024 was the downward trend in ransomware. One conclusion behind this trend is that organizations are taking a more defensive and proactive approach to ensuring the security of not only their own organizations but also their third-party supply chains. Supply chains have been and continue to be one of the biggest vectors for ransomware attacks to date.

This decrease could also be attributed to overall awareness, and improved incident response programs. Some other contributing factors could be improved network segmentation, controlling user privileges, and general improvements in data backup strategies. Continued vigilance in these areas will keep this trend going in the right direction.

Something that could continue to help is companies vetting suppliers’ cybersecurity practices and programs. These additional requirements could include adding layers of due diligence.

As cyberthreats continue to grow more complex and damaging, regulatory bodies around the world have been stepping up enforcement to protect critical infrastructure, personal data, and the global economy. I anticipate that in 2025, the landscape of compliance and regulatory oversight in cybersecurity could shift significantly, with broad implications for businesses, security practices, and the industry overall. Enforcement could become much more aggressive, with substantial penalties for breaches or negligence. Increased legal accountability might surprise organizations, pushing them to adopt comprehensive security standards far beyond current compliance frameworks.

Currently, regulations vary significantly by region, which can be costly and confusing for global companies. By 2025, we may see an effort toward harmonizing cybersecurity standards, especially across the EU, US, and parts of Asia. This would mean more uniform standards around data protection, incident response, and cross-border data flow security, although companies would still have to meet the most stringent standard in any operating region.

Building on frameworks like the GDPR, more regions could enforce privacy rights, obligating organizations to limit data collection, improve transparency, and seek explicit consent for data use. Companies may face stringent requirements to secure consumer data, notify users of breaches quickly, and demonstrate the minimum collection of personal information.

The cybersecurity landscape is dynamic, and as new technologies evolve, so do the threats and industry responses. Preparedness will likely hinge on proactive adaptation to these emerging and growing risks.