As Asia/Pacific businesses accelerate their digital transformation journeys, artificial intelligence (AI) is becoming a core innovation enabler. From identity and access management (IAM) to risk-based trust frameworks, AI is reshaping the cybersecurity landscape. However, as AI adoption grows, so do concerns around security, trust, and compliance.
According to IDC’s Asia/Pacific Security Study, 2024, 76.5% of enterprises in the region say that they are not confident in their organization’s ability to detect and respond to AI-powered attacks. Most are concerned about AI-driven vulnerability scanning by attackers, the rapid exploitation of zero-day vulnerabilities, increasingly personalized and effective social engineering attacks that leverage AI, and AI-powered ransomware attacks with dynamic negotiation and extortion tactics. The risk of AI-driven risk vectors increases in verticals dealing with sensitive and confidential information such as Banking and Financial Services (BFSI) and Healthcare as well as critical infrastructure sectors like energy, transportation, and telecommunications, where disruptions can have widespread consequences.
With cybersecurity emerging as a central theme across the region, AI-fueled business models must address key challenges:
- How can organizations ensure AI systems are secure, transparent, and resilient?
- How should regulatory frameworks evolve to accommodate AI-driven cybersecurity?
- What steps can businesses take to balance AI innovation with trust?
- How can enterprises implement a robust AI governance framework to manage security, compliance, and ethical risks effectively?
To navigate these challenges, enterprises must address three key areas that impact the secure and responsible deployment of AI:
1. Integration and Cost Barriers to AI Security Adoption
Despite its potential, AI-driven security automation struggles with integration issues and high costs. According to IDC FutureScape: Worldwide Security and Trust 2025 Predictions – Asia/Pacific (Excluding Japan) (APJ) Implications, by 2027, only 25% of consumer-facing companies in the region will use AI-powered IAM (Identity and Access Management) for personalized, secure user experiences due to persistent difficulties with process integration and cost concerns, creating a trust gap in AI authentication and identity protection, particularly in consumer-facing sectors like retail, banking, and e-commerce.
2. Regulatory Fragmentation Complicates Compliance
Asia/Pacific’s inconsistent AI regulations make compliance difficult. While Singapore and Australia lead AI governance, India and ASEAN nations lag behind, creating inconsistencies in how businesses implement AI security solutions. China has implemented strict AI laws focused on security assessments and algorithmic transparency, while Japan follows a more flexible, self-regulatory approach emphasizing Responsible AI. One of the most critical shifts in cybersecurity will be the introduction of AI Bills of Materials (AI BoM). By 2028, 70% of data products will include a Data BoM, detailing how data was collected, processed, and consent was obtained. This evidentiary trail will be essential for demonstrating compliance and ensuring AI systems do not operate as black boxes. Alongside, AI governance is mandatory, rather than exploratory. Some nations have demonstrated leadership in already initiating AI governance frameworks – such as Singapore, Australia, India, and Japan – setting the stage for responsible and secure AI adoption across the region. These countries are proactively developing policies and frameworks to ensure AI-driven technologies align with security, compliance, and ethical standards.
3. Unchecked GenAI Adoption Creates Security and Compliance Risks
The rapid expansion of GenAI poses major security and governance challenges for enterprises. IDC predicts that in 2025, 20% of organizations in APJ will move from proof-of-concept (POC) to production in specific GenAI use cases without a comprehensive risk-based assessment of their trust capabilities, potentially creating a cybersecurity house-of-cards scenario. Key risks include data leaks, bias in AI models, and regulatory penalties as governments tighten AI security laws. Without proactive governance, enterprises risk non-compliance, reputational damage, and increased exposure to AI-driven threats.
To mitigate these risks and build trust in AI-powered security, organizations must establish a robust governance framework that ensures transparency, compliance, and operational resilience. This is where IDC’s Unified AI Governance Model comes into play.
IDC’s Unified AI Governance Model
IDC’s Unified AI Governance Model is a strategic framework that balances innovation with risk management, ensuring AI deployment aligns with compliance, security, transparency, and ethical standards. It is built on four key pillars: transparency and explainability, security and resilience, compliance and privacy protection, and human-in-the-loop (HITL) governance.
IDC defines AI governance as a system of laws, policies, frameworks, practices, and processes that enable organizations to manage AI risks while driving business value. Governance must be integrated into strategy rather than treated as a reactive measure. Without it, enterprises face operational inefficiencies, legal exposure, and reputational risks. The model also acknowledges external influences, such as regional regulations, ethical considerations, and societal expectations, which vary significantly across APJ markets. Ensuring that AI governance adapts to these external factors is critical for sustainable and trusted AI adoption.
IDC’s Unified AI Governance Model provides a structured approach to managing AI security and trust by addressing some key questions such as:
- Who is using what data, and where is it stored?
- How is personally identifiable information (PII) data protected through encryption or anonymization?
- Are AI models being tested against risk controls and compliance requirements?
Is there a risk assessment framework for GenAI deployments?
Path Forward: Cybersecurity and AI Governance for Asia/Pacific Businesses
To foster a secure AI-driven future, businesses must take a proactive approach to cybersecurity and AI governance. Key steps include:
- Embedding AI Bill of Materials (BoM) in Cybersecurity Practices: Developing transparent AI security frameworks that document data provenance, consent mechanisms, and compliance checkpoints.
- Investing in AI-Powered (Identity and Access Management) IAM with Risk-Based Authentication: Incorporating adaptive authentication, behavioral analytics, and risk scoring to strengthen trust in AI-driven security systems, instead of relying solely on AI-driven IAM.
- Conducting Comprehensive Risk Assessments for GenAI Deployments: Establishing robust governance policies to prevent unintended risks when moving from GenAI POC to production.
- Integrating Autonomous AI for IT Operations: By 2027, GenAI and analytics deployments for IT operations use cases will increase team productivity by 15%, generating $1.5 billion in economic and business value. Automated IT service desk responses, anomaly detection, and predictive resource capacity planning will be critical for AI-enabled security frameworks.
- Collaborating with Regional Regulatory Bodies: Actively participating in shaping AI governance discussions, ensuring their cybersecurity policies align with emerging regulatory frameworks.
Watch Linus Lai, IDC Asia/Pacific Vice President VP for Software and Services, discuss Unblocking the AI Everywhere Blockers in 2025 and AI’s impact on enterprise applications, infrastructure strategies, and governance models in this on-demand webinar.
Partner with IDC | CSO to elevate your brand presence at Asia’s leading gathering of CISOs and IT security executives. Position your unique capabilities to become security leaders’ trusted vendor of choice in safeguarding their valuable corporate data in the cloud and in exploring the pivotal role of AI and quantum-proof technologies. Happening across 7 Asia/Pacific cities from April to November 2025, join us at the event to showcase your case studies, success stories, and more!
