Skip to content
Home » The Coalition for Cybersecurity in Asia Pacific (CCAPAC) – Helping Governments Through an Evolving Cybersecurity Landscape

The Coalition for Cybersecurity in Asia Pacific (CCAPAC) – Helping Governments Through an Evolving Cybersecurity Landscape

March 2025

The Asia Pacific region stands at a crossroads. Home to some of the world’s fastest-growing digital economies, it is simultaneously emerging as one of the most targeted regions for cyberattacks. Governments in Asia Pacific are increasingly recognizing cybersecurity as a national priority and are actively working to address this multifaceted threat, even as they navigate a complex and evolving landscape of challenges. The threats are no longer hypothetical. They are urgent and real. Behind each breach lies a hard truth: as our digital infrastructure advances, so do the capabilities of those who seek to exploit it.

Accordingly, to develop effective and strategic recommendations for governments to build resilience against these emerging threats, it is imperative to pinpoint and examine the region’s most prevalent trends. As such, this op-ed is a call to action and a blueprint for how we can get ahead of the threats in 2025.

The Top Four Cybersecurity Fronts Shaping Asia Pacific in 2025

i) Ransomware and Malware Attacks

The region is battling a surge in ransomware and malware, often targeting critical infrastructure. In just the first half of 2024, Asia Pacific saw over 57,000 ransomware incidents, with Indonesia, the Philippines, and Thailand bearing the brunt.[1] Attackers are no longer content with simple data encryption; they now employ double and triple extortion tactics, threatening to leak sensitive data or disrupt vital services. The economic fallout is severe, as seen when a LockBit 3.0 attack crippled fuel distribution across Indonesia Java region.[2] High-profile breaches, from Indonesia’s National Data Centre[3] to Malaysia’s public transport operator[4] and the Philippines’ health insurance provider, [5] underscore the region’s vulnerability.

ii) Advanced Persistent Threats

State-sponsored cyber espionage is on the rise. By exploiting edge devices and IoT systems, attackers bypass traditional defences. For example, the Andariel Group from North Korea/linked with Pyongyang launched a series of targeted intrusions into organisations with access to military secrets, demonstrating the country’s cyber capabilities and potential for state-sponsored attacks. [6] As Asia Pacific gears up to host over 14 billion IoT devices by 2025, [7] these vulnerabilities must be addressed now, not later.

iii) Geopolitical Tensions and Foreign Interference

Cyber operations now serve as proxies for broader political and economic rivalries. The targeting of Vietnam’s offshore oil and gas data, for example, coincided with China’s territorial assertions in the South China Sea. [8] Disputes over territory, energy resources, and trade are being fought not just in courtrooms and summits, but through sophisticated cyber espionage campaigns making it difficult to separate cybersecurity from national security.

iv) Interdependencies in Supply Chains Creating New Risk Vectors

The growing complexity of interconnected supply chains has created new risk vectors. The 2024 cyber breach at Indonesia’s Bank Mandiri, which impacted thousands of regional SMEs, demonstrated just how quickly localized threats can spill across borders and sectors. [9]

CCAPAC as a Catalyst for Cyber-Resilience in Asia Pacific

A) The Fragmented Response and What Must Change

Governments across the region are making progress. Singapore’s Cybersecurity Act requires breach reporting for critical sectors, [10] while Thailand and Malaysia have passed major regulatory reforms. [11] Yet efforts remain fragmented. Diverse national priorities, from Vietnam’s data localization focus to Indonesia’s limitations on cross-border data flows, have slowed efforts to create a unified regional front. [12]

Beyond policy misalignment, capacity constraints persist. There are instances that cybersecurity laws exist only on paper, and others that are still contemplating the establishing of cyber security legislation. Countries like Brunei lack mandates for financial sector protections, [13] while Malaysia’s new Cybersecurity Act is hamstrung by a massive talent gap – 84% of organizations struggle to find certified professionals. [14]

This challenge is compounded by funding limitations and the digital divide. Nearly one-third of Asia Pacific’s population remains offline. [15] Without sustained investment, under-resourced nations will fall further behind, creating security blind spots that threaten the entire region.

B) Public-Private Partnerships: A Proven Model for Progress

In this context, collaboration is not optional – it is essential. The CCAPAC, comprising members like Qualcomm, AWS, Cisco, and KnowBe4, is helping to bridge these gaps through tangible, on-the-ground initiatives.

  • Qualcomm is bolstering 5G security in Vietnam through Open RAN networks and IoT-focused R&D in Hanoi. [16]
  • AWS is investing $5 billion in cloud infrastructure in Thailand [17] while training over 150,000 students across the region. [18]
  • Cisco is enhancing network security and launching regional training initiatives to certify 50,000 cybersecurity professionals by 2026, while providing enterprise solutions to provide AI-powered defense for infrastructure and protect against attacks on AI systems. [19]
  • KnowBe4 enables organizations to manage human risk by combining personalized and relevant education and training with adaptive security controls tailored to Asia’s diverse linguistic and cultural landscape.

These are not theoretical solutions, they are working models that governments can scale.

Call to Action

As Asia Pacific faces unprecedented challenges in cybersecurity, with critical infrastructure becoming increasingly vulnerable to attacks and the cybersecurity talent shortage persisting, stronger multi-sector collaboration is essential. The region must prioritize:

  1. Harmonizing cybersecurity policies and regulatory frameworks across ASEAN member states.
  2. Investing in cybersecurity capacity-building initiatives, particularly for MSMEs and critical infrastructure sectors.
  3. Fostering a culture of cybersecurity awareness by promoting individual contribution and collective action, and by promoting responsible digital citizenship.
  4. Enabling and leveraging emerging technologies like AI and machine learning to enhance threat detection and response capabilities.

By embracing a collaborative approach that brings together governments, industry leaders, and regional partners, Asia Pacific can not only safeguard its digital future but also emerge as a global leader in cybersecurity innovation. The path forward requires sustained commitment, investment, and cooperation to build a resilient digital ecosystem that can withstand the evolving cyber threats of tomorrow.

Public-private partnerships have emerged as a cornerstone in combating cybersecurity challenges. In particular, CCAPAC plays a key role in shaping a more secure digital ecosystem for Asia Pacific. Through its member organizations, CCAPAC contributes significantly to threat intelligence sharing, capacity building, and the development of advanced security solutions.

REFERENCES

  1. https://securitybrief.asia/story/ransomware-attacks-surge-in-southeast-asia-with-57-000-cases
  2. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a; https://sevenstonesindonesia.com/blog/indonesia-battles-cyber-attack-impact-on-government-services/
  3. https://fulcrum.sg/indonesias-national-data-centre-ransomware-attack-a-digital-governance-failure/
  4. https://www.malaymail.com/news/malaysia/2024/08/26/prasarana-confirms-cybersecurity-breach-public-transport-operations-unaffected/148268
  5. https://www.dataguidance.com/news/philippines-npc-investigates-potential-data-breach
  6. https://moderndiplomacy.eu/2024/12/18/the-current-impact-of-state-sponsored-cybersecurity-attacks-in-the-asia-pacific-region
  7. https://www.intralinkgroup.com/en-GB/Latest/Intralink-Insights/January-2025/the-800-billion-Southeast-Asia-digital-economy
  8. https://www.tandfonline.com/doi/full/10.1080/23311886.2024.2401629
  9. https://www.indopremier.com/ipotnews/newsDetail.php?group_news=RESEARCHNEWS&halaman=&jdl=Ada+1+Juta+Serangan+Siber+Mencoba+Bobol+Data+Bank+Mandiri+%28BMRI%29&name=&news_date=&news_id=452104&q=&search=&taging_subtype=&utm
  10. https://sso.agc.gov.sg/Acts-Supp/19-2024/Published/20240704?DocDate=20240704
  11. https://cybersecurityasia.net/malaysia-cybersecurity-skills-gap-fortinet/
  12. https://global.ptsecurity.com/analytics/cybersecurity-threatscape-in-southeast-asia
  13. https://global.ptsecurity.com/analytics/cybersecurity-threatscape-in-southeast-asia
  14. https://cybersecurityasia.net/malaysia-cybersecurity-skills-gap-fortinet/
  15. https://govinsider.asia/intl-en/article/public-private-collaboration-critical-for-digital-economy-growth-asean
  16. http://viettelhightech.com/en/5g-open-ran-connect-2024-vietnams-first-international-event-on-5g-open-ran
  17. https://www.capacitymedia.com/article/aws-to-invest-5bn-in-thailand
  18. https://aws.amazon.com/local/thailand/
  19. https://news-blogs.cisco.com/apjc/2024/10/18/cisco-and-csa-collaborate-to-bolster-cyber-defense-for-singapore; https://www.cisco.com/site/us/en/products/security/hypershield/index.html; https://www.cisco.com/site/us/en/products/security/ai-defense/index.html