As geopolitical disruptions, tariff uncertainties, and economic slowdowns prompt organizations to reevaluate budgets, one area that remains non-negotiable is cybersecurity, risk, and compliance. Across Asia/Pacific, this domain has proven remarkably resilient to budget contractions, emerging as a critical enabler of AI-driven innovation, trust, and long-term business viability.
According to IDC’s Worldwide Security Spending Guide, Asia/Pacific enterprises are expected to invest USD $44.4 billion in cybersecurity in 2025, with spending projected to grow at a CAGR of 10.6%, reaching USD $60.6 billion by 2028. This upward trajectory underscores a critical shift: cybersecurity is no longer viewed as a discretionary cost, but as a strategic imperative that is deeply embedded into digital transformation, regulatory readiness, and AI adoption initiatives across the region.
While Asia/Pacific is home to four of the world’s top ten digital economies, it is also at the epicenter of a dual inflection: the aggressive integration of artificial intelligence (AI) into enterprise workflows and the intensifying complexity of the cybersecurity threat landscape. Enterprises across sectors, from banking and healthcare to manufacturing and public utilities, are experiencing the push and pull of this convergence. The accelerated adoption of GenAI, the rise of autonomous decision-making systems, and increased reliance on sensitive data have reshaped the risk surface.
This confluence of AI acceleration and security pressure is driving a new breed of enterprise questions:
- How can we ensure our GenAI deployments are compliant, transparent, and ethically aligned?
- How can AI be used to counter AI-driven threats while ensuring explainability and trust?
- What does an integrated approach to AI risk governance, security operations, and regulatory compliance look like?
According to IDC’s Asia/Pacific Security Study, 2024, 76.5% of regional enterprises admit they are not confident in their ability to detect and respond to AI-powered attacks. The most pressing threats include AI-driven vulnerability scans, zero-day exploits, ransomware with adaptive extortion tactics, and highly personalized social engineering attacks. These risks are particularly acute in regulated industries such as financial services, telecom, and healthcare.
Despite the urgency, organizations in Asia/Pacific face several barriers in building AI-resilient security postures. These include:
1. Integration and cost complexities
AI holds immense promise for security automation, but its adoption is hindered by poor integration with legacy environments and high costs. IDC predicts that by 2027, only 25% of consumer-facing companies in Asia/Pacific will adopt AI-powered identity and access management (IAM) systems, citing operational complexity and financial constraints as core reasons. This growing trust gap makes consumer authentication and identity protection increasingly vulnerable.
2. Regulatory fragmentation and governance gaps
While countries like Singapore and Australia have advanced AI governance policies, the broader region remains fragmented. China’s regulations prioritize algorithmic transparency and national security. Japan emphasizes Responsible AI under self-regulation. India, meanwhile, is still shaping its framework under the Digital India mission. This patchwork of mandates creates compliance confusion, especially for multinational enterprises. A major shift ahead is the expected rise of AI Bills of Materials (AI BoM). By 2028, IDC expects 70% of data products will be accompanied by BoMs detailing consent trails, model training inputs, and risk assessments i.e. a new layer of accountability for enterprise AI deployments.
3. GenAI growth without guardrails
As organizations race to scale GenAI solutions beyond proof-of-concept, risk governance is often left behind. IDC forecasts that in 2025, one in five APJ enterprises will move to production with GenAI without a comprehensive risk-based trust assessment. This opens the door to data leakage, algorithmic bias, reputational damage, and hefty regulatory penalties. In the absence of structured governance, enterprises risk building innovation on a fragile security foundation.
A blueprint for AI-resilient security
Building a future-ready posture
Cybersecurity in Asia/Pacific is moving from reactive to predictive. It is no longer about responding to known threats but is about anticipating emerging risks in a world where AI shapes both offense and defense. Enterprises must future-proof their security architecture by investing not only in technologies but also in governance, skills, and regulatory alignment.
Organizations that embed trust into the core of their AI strategies will be the ones that lead in both innovation and resilience. AI-powered businesses must ensure that privacy, explainability, and compliance are not afterthoughts, but integral components of the design and delivery process. In this new era, cybersecurity is inseparable from AI transformation and trust is its ultimate currency.
Join the Responsible and Secure AI: The Cornerstone of AI-Driven Growth webinar on 23 July 2025 to stay ahead of evolving AI risks, CSO expectations, and regional regulations. Register today!
Partner with IDC | CSO to elevate your brand presence at Asia’s leading gathering of CISOs and IT security executives. Position your unique capabilities to become security leaders’ trusted vendor of choice in safeguarding their valuable corporate data in the cloud and in exploring the pivotal role of AI and quantum-proof technologies. Happening across 7 Asia/Pacific cities from April to November 2025, join us at the event to showcase your case studies, success stories, and more!
