Athikom Kanchanavibhu – Chief Data Safety Officer (Mitr Phol) |
2025 seems like a sci-fi novel the place agentic AI transforms enterprise operations. But – like several story – there’s a twist: cyber-attackers are additionally levelling up, wielding AI in methods we’ve but to think about. Even with defences similar to prolonged detection and response (XDR), safe entry service edge (SASE), and next-generation firewalls; organisations should pause and ask: “Are we prepared for this new chapter?” The problem is twofold – utilizing AI to supercharge inner safety and defending towards AI-powered threats whereas new assault vectors emerge round AI stacks, resembling a brand new battlefield. 2025 requires rethinking, recalibrating, and staying sharp – those that embrace the long run gained’t simply maintain tempo however pull forward. |
Carol Lee – Deputy Normal Supervisor, Cyber Safety & Threat Administration (Dangle Lung Group) |
As we stay up for 2025, the function of cybersecurity professionals will more and more embody broader obligations, notably in knowledge privateness and AI governance. The convergence of those fields calls for that we not solely safeguard our digital belongings but in addition guarantee moral practices in AI growth and deployment. Consequently, we are able to anticipate a widening abilities hole, necessitating the creation and availability of certification packages to equip professionals with the mandatory competencies. This evolution might be important, as organizations would require CISO who can navigate the complicated interaction between safety, privateness, and rising applied sciences, additional underscoring the urgency of this focus globally. |
Cezary Piekarski – Interim World Head ICS and World Head, ICS Defend (Customary Chartered Financial institution) |
2025 will expose the hole between distributors’ willingness to mix AI options into software program, companies’ urge for food to undertake AI enhancements at tempo, and the power of know-how groups to safe new options. This would be the 12 months of exploration as early adopters be taught painful classes however new greatest practices will emerge.
Maturity of deep-fake applied sciences will proceed to speed up in disinformation and cybercriminal operations, additional diminishing belief in digital channels. Organisations will initially reply with, often futile, detections to then pivot in the direction of new authentication mechanisms that can redefine boundaries of belief.
AI will cut back time-to-exploitation for brand spanking new vulnerabilities, pushing organisations to rethink approaches for resiliency as patching earlier than exploitation turns into insufficient. Organisations might want to rearchitect key methods, to extend their capability to isolate and remediate at tempo with out disrupting enterprise processes (doubtlessly with the help of AI). |
Dominic Grunden – Advisory Board Member and CISO (Smile Expertise) |
Conventional threats (ransomware, digital extortion, and social engineering) will proceed to extend, posing main dangers to organisations. Malicious actors will use GenAI to enhance effectivity, efficacy, and menace vectors. Most of those threats will come from the deep and darkish net the place they focus on and monetise using giant language fashions (LLMs) and artificial media.
Geopolitical developments and cyber warfare will considerably affect the cyber menace panorama, persevering with the sample of elevated convergence between the cyber and geopolitical ecosystems. Malicious actors will proceed to function with political partisanship, with cybercriminal teams aligning on both aspect of the geopolitical dispute.
Some organisations will evolve the CISO function with growing obligations – into the Chief Digital Safety, Threat, and Resilience Officer or Chief Safety and Resilience Officer.
|
Irfan Amer bin Mohd Ismail – Chief Data Safety Officer (AEON Financial institution) |
The cybersecurity panorama in Southeast Asia might be considerably formed by AI-driven threats, resulting in a heightened concentrate on cloud safety and adherence to stricter knowledge privateness laws. Consequently, I count on Boards to undertake a extra proactive method, posing difficult questions on cyber resilience, knowledge safety and guaranteeing that methods align with enterprise goals. Whereas AI gives strong defensive capabilities, it additionally introduces moral dilemmas and the chance of false positives, which should be addressed thoughtfully. As a CISO, my major problem this 12 months might be balancing compliance and innovation to maintain up with the ever-evolving menace panorama. |
John Ang – Group Chief Expertise Officer (EtonHouse Worldwide Schooling Group) |
This 12 months, cybersecurity will concentrate on combating AI-powered assaults and deepfake threats, which may hurt organizational reputations. Instruments (e.g., CrowdStrike) are key for AI-driven menace detection, whereas zero-trust frameworks like Microsoft’s Zero Belief supply “robust” defenses.
Ransomware continues to evolve, and managing multi-cloud safety complexity requires unified options. Sufficient safety isn’t nearly employees coaching—it begins on the high. At EtonHouse, we’ve kicked off the 12 months with cyber coaching for our board and administration, reinforcing a safety tradition from management to frontline employees. Proactivity is important in 2025. |
Lim Kah-Wee – Director – Cost Fraud Disruption (Visa) |
AI will play a vital function in enhancing cyberfraud detection and personalizing fee experiences. Deep studying algorithms have gotten extra refined, permitting real-time transaction evaluation for potential danger. The potential for the subsequent technology of AI to rework the funds ecosystem – making it safer, smarter, and extra seamless – is huge and a important issue for achievement of funds and different industries in 2025 and past.
In funds, identification is the brand new encryption, setting requirements for safe, seamless transactions. Biometric authentication, like fingerprint or facial recognition, gives improved safety and comfort, displacing conventional authentication strategies.
|
Michael Noticed – Regional CSO, Asia Pacific (Siemens Power) |
Cybercriminals are anticipated to use private knowledge and AI to hold out extra refined assaults. Information breaches from earlier years have offered cybercriminals with entry to considerably extra private knowledge. When mixed with AI-generated deep fakes, this knowledge will allow extra life like and efficient phishing and spear-phishing campaigns in 2025. As human vulnerabilities proceed to be the weakest safety hyperlink, these assaults are prone to end in further knowledge breaches or the compromise of important management methods. Profitable spear-phishing assaults can have extreme penalties, particularly contemplating the privileged entry staff usually should delicate knowledge, monetary transactions, and bodily methods. |
Ricky Woo – Govt Director, CISO and Expertise Safety (DBS Financial institution) |
The cybersecurity panorama in 2025 will see a heightened concentrate on AI-driven threats and provide chain vulnerabilities. Adversaries are anticipated to leverage AI for hyper-personalized social engineering campaigns and adaptive malware, difficult conventional defenses. The rise of Ransomware-as-a-Service will increase the attain of refined assaults, notably concentrating on resource-limited organizations. Provide chain dangers will draw elevated scrutiny as attackers exploit trusted relationships and vulnerabilities in broadly used software program. Moreover, early experimentation with quantum-resistant applied sciences indicators a paradigm shift, emphasizing the necessity for proactive, multi-layered defenses. Organizations should prioritize innovation, collaboration, and superior menace detection to navigate this evolving panorama. |
Saiful Bakhtiar Osman – Head of IT – Shared Companies (PNB Industrial) |
For 2025, we will be prioritizing IT Safety investments to higher align with the corporate’s imaginative and prescient and mission. Further focus might be given to the data and knowledge safety. All IT initiatives which contain knowledge processing will embody the enterprise customers, as they’re the information proprietor. This synergy is predicted to drive enterprise forward, and materialised the anticipated ROI dedicated to the Administration. Concurrently, we are going to proceed to reinforce the IT Safety ecosystem, with reactive and proactive defence. Equally, steady schooling to all customers on the most recent cyber safety threats is crucial to construct a powerful IT Consciousness tradition. |
Sakshi Grover – Senior Analysis Supervisor (IDC) |
By 2027, solely 25% of consumer-facing firms within the Asia-Pacific (excluding Japan) area will use AI-powered identification entry administration (IAM) for personalised, safe person expertise on account of continued difficulties with course of integration and value issues.
Be taught extra right here:
IDC FutureScape: Worldwide Safety and Belief 2025 Predictions — Asia Pacific (Excluding Japan) Implications
AI-Powered Cybersecurity: Navigating the Increasing Assault Panorama, Asia/Pacific CISO’s Issues, Priorities and Funding Areas, and Strategic Vendor Assist
|
Sam Goh – Chief Data Safety Officer (DataX) |
An AI divide will emerge as area consultants maintaining with AI and efficiently implementing it of their trade might be extra aggressive than conventional companies with out the assistance of AI.
In the meantime, hyperscalers are reaching new breakthroughs of their AI analysis – notably within the agentic workflow and AGI, creating the subsequent wave of AI capabilities. All companies might be busy determining how you can capitalise AI capabilities to attain productiveness features by displacing white collar roles to chop prices and enhance profitability in an more and more unstable market.
Nonetheless, the cyber criminals will even more and more deploy these AI capabilities (since they don’t have a lot to lose or restricted by regulation to do AI Safety testing) to generate extra real-world affect and convey forth a brand new technology of smarter AI-enabled assaults. |
Shankar Karthikason – Group Head of Cyber Safety Technique, Operation & Advisory (Averis) |
2025 will see Quantum-Resistant Cryptography turn out to be essential as teams prepare for quantum computing. The APAC will even pay extra consideration to AI-driven menace detection and response methods to battle altering cyber threats. Moreover, provide chain safety will get extra consideration, with governments and firms putting in stricter guidelines to cut back third-party dangers. Cyber resilience, slightly than simply prevention, would be the new focus as companies work to cut back downtime and maintain operations working even throughout superior persistent threats. |
Shishir Kumar Singh – Group Head of Data Safety & Interim Group Information Privateness Officer (Advance Intelligence Group) |
AI-Pushed Safety Evolution: Each attackers and defenders will use AI to innovate, making using adaptive menace intelligence important for detecting and responding to evolving threats.
Zero Belief as a Customary: Adoption will prolong into OT, IoT, and cloud ecosystems, pushed by regulatory and operational calls for.
Resilience Amid Complexity: Cyber resilience will turn out to be a board-level precedence, emphasizing restoration and continuity.
World Rules: Stricter guidelines on AI and knowledge privateness will problem organizations to remain compliant.
Collaborative Safety: Elevated trade partnerships for intelligence sharing and tackling provide chain vulnerabilities. |
Silvia Lam Ihensekhien – Director of Data Safety and Threat Administration (Swire Coca-Cola) |
This 12 months, I anticipate important development in Zero Belief Structure as organizations prioritize minimizing dangers from insider threats and knowledge breaches. The concentrate on provide chain safety will improve as a result of rising variety of cyber incidents concentrating on third-party distributors. Moreover, we are going to see a state of affairs of “AI vs. AI,” the place AI enhances menace detection and response capabilities, however can also be weaponized by attackers. New laws on knowledge privateness will emerge, leading to companies adopting extra strong compliance measures. Lastly, the rise of distant work will proceed to drive demand for safe collaboration instruments and enhanced endpoint safety options. |
Suresh Sankaran Srinivasan – Group Head – Cyber Safety & Information Privateness (Axiata) |
In 2025, the explosion of assault surfaces pushed by AI-powered applied sciences, APIs, 5G+, and IoT will considerably problem organizational defenses. This surge will compel enterprises to rethink their methods round assault floor and vulnerability administration. Regulatory scrutiny will intensify, notably in ASEAN and South Asia, emphasizing the necessity for stronger alignment with trade requirements like NIST CSF 2.0. Organizations will even concentrate on integrating cybersecurity and knowledge privateness, addressing the twin imperatives of defending delicate knowledge and sustaining operational resilience. Lastly, organizations might want to make a important shift from incident response to proactive menace response to cut back response fatigue and improve cyber resilience. |
Yohannes Glen Dwipajana – SVP Head of Enterprise Safety (Indosat) |
The continuation of AI-based scams might be extra broadly identified. Take over account approach utilizing Bypass-KYC-as-a-service might be extra widespread supporting by three components: inadvertent uncovered biometrics, knowledge leaked and breached PII (notably from ransomware assaults or different hacking actions), and misuse rising capabilities of AI. It is a menace into particular person digital impersonation by utilizing new know-how because it advances, the fraudsters will maintain discovering new social engineering method and mix with AI capabilities which helps them to be extra environment friendly and timelier when performing their actions. |
Yuen Chee Lung – CISO, Expertise Threat Administration & BCM (AIA) |
In 2025, the event of cybersecurity management will concentrate on strengthening abilities that stretch past technical experience. Organizations will intention to form leaders who can clearly convey cybersecurity dangers, methods, and implications to senior executives and board members. These leaders should additionally reveal robust capabilities in danger administration and strategic planning to make sure cybersecurity priorities are aligned with broader organizational targets. By fostering such management qualities, organizations might be higher positioned to handle rising threats, navigate regulatory necessities, and obtain sustainable development in an more and more complicated digital and regulatory atmosphere. |
