Jun 2025
by Seow Hiong Goh, Executive Director, Global Policy & Government Affairs, Asia Pacific, Cisco Systems
AI is rewriting the rules of productivity. Cloud adoption is scaling across industries. Entire economies are modernizing overnight, and Asia Pacific is no exception. From global tech hubs to fast-growing digital markets, the region is in the middle of a transformation unlike anything we’ve seen before.
But velocity cuts both ways.
As technology accelerates, so do the risks. And according to Cisco’s 2025 Cybersecurity Readiness Index —based on a survey of 8,000 business and cybersecurity leaders across 30 global markets—too many organizations are struggling to keep up.
From AI-enhanced phishing to prompt injection attacks and model theft, the threat landscape is evolving faster than many teams can respond. Just last year, 90% of cybersecurity leaders reported at least one AI-related security incident. And fewer than half believe their employees fully understand how malicious actors are using AI to compromise systems.
However, risk isn’t limited to sophisticated attacks. In many workplaces, employees are using generative AI tools without formal approval or oversight, and 60% of IT teams say they lack visibility into what those tools are being used for. Often left in the dark until it’s too late, this challenge is even more acute for smaller companies whose limited resources, unclear policies, and fragmented security infrastructure leave them especially exposed.
With the traditional security perimeter now gone, what’s left is a patchwork of tools, platforms, and endpoints—most of them operating with limited coordination. As hybrid work, multi-cloud deployments, and AI-infused workflows become standard, this fragmented approach is unsustainable. Security can’t keep functioning in silos when attackers are operating at scale and speed.
But there’s also a clear opportunity in this moment. Nearly every organization surveyed in the Index said they plan to upgrade or restructure their IT infrastructure within the next two years. And rising security budgets across industries signal that leaders are beginning to realize that legacy tools and manual oversight won’t protect a digital future built on AI and cloud.
To close the readiness gap, the region must rethink how it approaches core elements of cybersecurity—starting with identity.
With AI making impersonation attacks harder to detect, and employees accessing systems from more devices and locations than ever before, identity can no longer be seen as a single gateway to defend. It must be treated as an always-on signal, verified continuously. Implementing AI-driven behavioral analytics, risk-based access, and Zero Trust principles will be essential for ensuring only the right people—and machines—have the right access at the right time.
That same mindset must be applied to network security. The Index shows that organizations are sliding backward on network resilience, even as infrastructure becomes more distributed. Many are still relying on outdated perimeter models while traffic flows between data centers, cloud environments, remote workers, and devices. In this new landscape, networks need real-time monitoring, segmentation, and the ability to isolate threats quickly—because static defenses won’t hold against dynamic attacks.
And while adoption of cloud environments is high, security maturity is low. Too many companies are still protecting cloud services in silos, using tools that don’t speak to one another. That leaves blind spots and slows down response times. What’s needed now are unified, cloud-native architectures—backed by AI—that reduce noise, spot anomalies early, and streamline policy enforcement across environments.
Equally urgent is the need to secure the AI systems themselves. Many organizations have adopted AI to enhance operations, but far fewer have put safeguards in place to protect the models and data they rely on. Whether it’s protecting training data, detecting prompt injection, or managing who can access and modify models, securing AI systems must be treated with the same urgency as securing traditional infrastructure.
Underlying all of this is one of the biggest challenges the Index identifies: talent.
Eighty-six percent of organizations say the cybersecurity talent shortage is hindering their progress. Across APAC, teams are under-resourced and stretched thin. To solve this, we must train cybersecurity professionals to tackle new categories of threats and give them the tools and support to deploy solutions effectively. This is especially true in smaller organizations, where under-resourced teams often operate without the capacity to scale or specialize.
This is where collaboration becomes critical, and while Asia Pacific is poised to lead in the digital economy—leadership without readiness is a risk. To protect what we’re building—and unlock what’s next—we need to act with purpose and urgency.
