The IDC InfoBrief, sponsored by Fortinet, titled “State of Cybersecurity in Asia/Pacific: From Constant Risk to Platform-Driven Resilience” (August 2025), paints a clear picture: Asia-Pacific enterprises are racing to harness AI while defending against a surge of AI-driven cyberattacks. Despite growing awareness, cybersecurity investment and readiness remain dangerously low.
AI: The Double-Edged Sword
AI is reshaping both sides of the cybersecurity battlefield. According to the report, 61% of organizations have already encountered AI-powered cyber threats, with 27% admitting that these attacks outpace their detection capabilities. Yet, only 15% of IT budgets—roughly 1.44% of total revenue—are dedicated to cybersecurity.
IDC warns that while AI empowers defenders, it equally strengthens attackers through deepfakes, intelligent malware, and automated exploitation tools.
A Region Under Siege
Cyberattacks are increasing across every front. The top three threats—software supply chain attacks, ransomware, and phishing—have risen dramatically in the past year. New AI-enhanced risks, such as credential hijacking, deepfake-driven scams, and data poisoning, are testing the limits of current defenses.
Despite the diversity of threats, one message is consistent: “Complexity is the enemy of security.” Many organizations are burdened with too many tools and not enough integration.
People and Process: The Weakest Links
The human layer remains fragile. Only 15.6% of organizations have a dedicated CISO, while 63% combine cybersecurity with broader IT functions. Skills shortages, tool sprawl, and burnout are undermining resilience. IDC notes that automation and platformization—using fewer, more innovative tools—are essential to counter both human error and talent scarcity.
From Fragmentation to Platform Resilience
Nearly 97% of surveyed firms are consolidating or evaluating the convergence of security and networking. The top goals include faster response times, better visibility, and an improved security posture. IDC identifies identity security, zero trust, and cloud-native protection as top investment priorities for the next 12–18 months.
AI adoption is also accelerating, with over 90% of organizations utilizing AI in security operations, transitioning from detection to predictive modeling and automated response. However, trust remains a challenge—few are ready for autonomous AI decision-making.
The Road Ahead
IDC’s essential guidance is pragmatic: adopt zero trust, automate aggressively, and integrate AI responsibly across teams. Security must evolve from a siloed IT function to a platform-driven business enabler.
In short, the region’s digital future depends on turning cybersecurity from a reactive defense to a strategic pillar of resilience—powered by intelligence, collaboration, and trust.
