Effective cybersecurity strategies combine local talent, regulatory understanding, and integrated platforms to counter evolving digital threats in our diverse tech markets.

Across Asia, a troubling pattern of escalating cyber threats is emerging.

The ransomware attack on Indonesia’s National Data Centre, along with a surge in data breaches in Malaysia, Thailand, and Vietnam, signal the rise of a more insidious wave of cyber risk. The recent data leak involving global retailer Louis Vuitton in Hong Kong only adds to the growing concerns facing businesses across the region.

The aggressive adoption of AI in the region, while a catalyst for innovation, is amplifying known and unpredictable security risks. This is made even more difficult because organizations are still adjusting to key external (geopolitical) and internal challenges (digitalization and cybercrime) in the current cybersecurity landscape.

Other confounding factors include managing the complexities of cloud adoption, fragmented IT and security functions, platformization, and rushed shifts towards AI — which may leave many organizations exposed.

Navigating AI risks in fragmented marketplaces

The challenge of securing AI is Asia’s fragmented nature when deep local knowledge is essential for success. Many technology vendors and partners lack the resources to establish an expert presence in every country.

This fragmentation is evident in the regulatory landscape: Countries such as Singapore, Malaysia, and Thailand each enforce distinct data protection laws, making a cohesive pan-ASEAN security strategy a formidable challenge. This expertise gap creates a chasm when defending against a new wave of scalable, AI-generated threats targeting the region’s critical infrastructure, demanding an urgent strategic security overhaul across Asia.

To address the expertise gap, organizations should evolve beyond basic product distribution towards a security-first, services-led model. How?

Securing the AI Lifecycle in Asia

This strategy requires organizations to cultivate in-house teams that are attuned to the organization’s internal needs, who can then combine global vendor technologies with deep local talent. This can weave an intimate understanding of regional threats and regulations with insightful local needs. In this way, markets can offer the critical strategic advisory needed to navigate the regulatory maze.

Next, securing data-intensive AI projects requires moving beyond standard cloud security and best practices. However, in the age of AI, adopting a Zero Trust architecture is no longer enough. The latter needs to be complemented by robust AI governance frameworks (Responsible AI), strict access controls, data encryption, and automation features to cope with the overwhelming volume of security alerts.

Implementing these advanced architectures is now happening within a new procurement landscape. Organizations can now access security solutions directly from cloud marketplaces, thereby moving beyond fragmented, standalone products to cohesive, platform-based approaches.

However, easier accessibility and availability of multiple solutions do not guarantee their effective deployment, nor any reduction of the operational complexity: organizations will still need strong technology consultants that go beyond simply facilitating transactions: they will now be expected to provide the advanced services and expertise required to translate a new technology purchase into a robust, operationalized security posture.

Adopting the most resilient approach

As cyber threats become more sophisticated, there will be a need to shift to integrated security platforms for comprehensive, outcome-based security, especially amid rapid and continual digitalization. (Editor’s note: Platformization has its own caveats, andrequires careful analysis, planning and management.)

The most resilient approach combines the best of global technology with localized engineering expertise, which simplifies management and provides the seamless defense required to withstand complex cyberattacks.