Athikom Kanchanavibhu – Chief Data Safety Officer (Mitr Phol) 2025 looks like a sci-fi novel the place agentic AI transforms enterprise operations. But – like all story – there’s a twist: cyber-attackers are additionally levelling up, wielding AI in methods we’ve but to think about. Even with defences resembling prolonged detection and response (XDR), safe entry service edge (SASE), and next-generation firewalls; organisations should pause and ask: “Are we prepared for this new chapter?” The problem is twofold – utilizing AI to supercharge inner security and defending towards AI-powered threats whereas new assault vectors emerge round AI stacks, resembling a brand new battlefield. 2025 requires rethinking, recalibrating, and staying sharp – those that embrace the longer term gained’t simply preserve tempo however pull forward.
Carol Lee – Deputy Normal Supervisor, Cyber Safety & Danger Administration (Hold Lung Group) As we sit up for 2025, the position of cybersecurity professionals will more and more embody broader obligations, notably in information privateness and AI governance. The convergence of those fields calls for that we not solely safeguard our digital property but in addition guarantee moral practices in AI growth and deployment. Consequently, we are able to anticipate a widening abilities hole, necessitating the creation and availability of certification packages to equip professionals with the mandatory competencies. This evolution shall be essential, as organizations would require CISO who can navigate the advanced interaction between security, privateness, and rising applied sciences, additional underscoring the urgency of this focus globally.
Cezary Piekarski – Interim International Head ICS and International Head, ICS Defend (Normal Chartered Financial institution) 2025 will expose the hole between distributors’ willingness to mix AI options into software program, companies’ urge for food to undertake AI enhancements at tempo, and the flexibility of know-how groups to safe new options. This would be the 12 months of exploration as early adopters study painful classes however new greatest practices will emerge.
Maturity of deep-fake applied sciences will proceed to speed up in disinformation and cybercriminal operations, additional diminishing belief in digital channels. Organisations will initially reply with, normally futile, detections to then pivot in direction of new authentication mechanisms that may redefine boundaries of belief.
AI will cut back time-to-exploitation for brand spanking new vulnerabilities, pushing organisations to rethink approaches for resiliency as patching earlier than exploitation turns into insufficient. Organisations might want to rearchitect key programs, to extend their capability to isolate and remediate at tempo with out disrupting enterprise processes (probably with the help of AI).
Dominic Grunden – Advisory Board Member and CISO (Smile Know-how) Conventional threats (ransomware, digital extortion, and social engineering) will proceed to extend, posing main dangers to organisations. Malicious actors will use GenAI to enhance effectivity, efficacy, and risk vectors. Most of those threats will come from the deep and darkish internet the place they talk about and monetise the usage of giant language fashions (LLMs) and artificial media.
Geopolitical developments and cyber warfare will considerably affect the cyber risk panorama, persevering with the sample of elevated convergence between the cyber and geopolitical ecosystems. Malicious actors will proceed to function with political partisanship, with cybercriminal teams aligning on both aspect of the geopolitical dispute.
Some organisations will evolve the CISO position with rising obligations – into the Chief Digital Safety, Danger, and Resilience Officer or Chief Safety and Resilience Officer.
Irfan Amer bin Mohd Ismail – Chief Data Safety Officer (AEON Financial institution) The cybersecurity panorama in Southeast Asia shall be considerably formed by AI-driven threats, resulting in a heightened concentrate on cloud security and adherence to stricter information privateness laws. Consequently, I anticipate Boards to undertake a extra proactive strategy, posing difficult questions on cyber resilience, information security and guaranteeing that methods align with enterprise targets. Whereas AI gives strong defensive capabilities, it additionally introduces moral dilemmas and the danger of false positives, which have to be addressed thoughtfully. As a CISO, my major problem this 12 months shall be balancing compliance and innovation to maintain up with the ever-evolving risk panorama.
John Ang – Group Chief Know-how Officer (EtonHouse Worldwide Schooling Group) This 12 months, cybersecurity will concentrate on combating AI-powered assaults and deepfake threats, which may hurt organizational reputations. Instruments (e.g., CrowdStrike) are key for AI-driven risk detection, whereas zero-trust frameworks like Microsoft’s Zero Belief provide “robust” defenses.
Ransomware continues to evolve, and managing multi-cloud security complexity requires unified options. Ample safety isn’t nearly workers coaching—it begins on the high. At EtonHouse, we’ve kicked off the 12 months with cyber coaching for our board and administration, reinforcing a security tradition from management to frontline workers. Proactivity is essential in 2025.
Lim Kah-Wee – Director – Cost Fraud Disruption (Visa) AI will play a vital position in enhancing cyberfraud detection and personalizing cost experiences. Deep studying algorithms have gotten extra subtle, permitting real-time transaction evaluation for potential danger. The potential for the following era of AI to remodel the funds ecosystem – making it safer, smarter, and extra seamless – is huge and a essential issue for achievement of funds and different industries in 2025 and past.
In funds, id is the brand new encryption, setting requirements for safe, seamless transactions. Biometric authentication, like fingerprint or facial recognition, gives improved security and comfort, displacing conventional authentication strategies.
Michael Noticed – Regional CSO, Asia Pacific (Siemens Power) Cybercriminals are anticipated to use private information and AI to hold out extra subtle assaults. Data breaches from earlier years have supplied cybercriminals with entry to considerably extra private information. When mixed with AI-generated deep fakes, this information will allow extra practical and efficient phishing and spear-phishing campaigns in 2025. As human vulnerabilities proceed to be the weakest security hyperlink, these assaults are more likely to lead to extra data breaches or the compromise of essential management programs. Profitable spear-phishing assaults can have extreme penalties, particularly contemplating the privileged entry workers usually need to delicate information, monetary transactions, and bodily programs.
Ricky Woo – Govt Director, CISO and Know-how Safety (DBS Financial institution) The cybersecurity panorama in 2025 will see a heightened concentrate on AI-driven threats and provide chain vulnerabilities. Adversaries are anticipated to leverage AI for hyper-personalized social engineering campaigns and adaptive malware, difficult conventional defenses. The rise of Ransomware-as-a-Service will increase the attain of subtle assaults, notably focusing on resource-limited organizations. Provide chain dangers will draw elevated scrutiny as attackers exploit trusted relationships and vulnerabilities in broadly used software program. Moreover, early experimentation with quantum-resistant applied sciences alerts a paradigm shift, emphasizing the necessity for proactive, multi-layered defenses. Organizations should prioritize innovation, collaboration, and superior risk detection to navigate this evolving panorama.
Saiful Bakhtiar Osman – Head of IT – Shared Companies (PNB Industrial) For 2025, we will be prioritizing IT Safety investments to higher align with the corporate’s imaginative and prescient and mission. Additional focus shall be given to the knowledge and information security. All IT initiatives which contain information processing will embrace the enterprise customers, as they’re the info proprietor. This synergy is predicted to drive enterprise forward, and materialised the anticipated ROI dedicated to the Administration. Concurrently, we’ll proceed to boost the IT Safety ecosystem, with reactive and proactive defence. Equally, steady schooling to all customers on the newest cyber security threats is crucial to construct a powerful IT Consciousness tradition.
Sakshi Grover – Senior Analysis Supervisor (IDC) By 2027, solely 25% of consumer-facing corporations within the Asia-Pacific (excluding Japan) area will use AI-powered id entry administration (IAM) for customized, safe consumer expertise as a result of continued difficulties with course of integration and value issues.
Study extra right here:
IDC FutureScape: Worldwide Safety and Belief 2025 Predictions — Asia Pacific (Excluding Japan) Implications
AI-Powered Cybersecurity: Navigating the Increasing Attack Panorama, Asia/Pacific CISO’s Issues, Priorities and Funding Areas, and Strategic Vendor Assist
Sam Goh – Chief Data Safety Officer (DataX) An AI divide will emerge as area specialists maintaining with AI and efficiently implementing it of their trade shall be extra aggressive than conventional companies with out the assistance of AI.
In the meantime, hyperscalers are reaching new breakthroughs of their AI analysis – notably within the agentic workflow and AGI, creating the following wave of AI capabilities. All companies shall be busy determining how you can capitalise AI capabilities to realize productiveness beneficial properties by displacing white collar roles to chop prices and enhance profitability in an more and more unstable market.
Nevertheless, the cyber criminals can even more and more deploy these AI capabilities (since they don’t have a lot to lose or restricted by regulation to do AI Safety testing) to generate extra real-world affect and convey forth a brand new era of smarter AI-enabled assaults.
Shankar Karthikason – Group Head of Cyber Safety Technique, Operation & Advisory (Averis) 2025 will see Quantum-Resistant Cryptography change into necessary as teams prepare for quantum computing. The APAC can even pay extra consideration to AI-driven risk detection and response programs to struggle altering cyber threats. Moreover, provide chain security will get extra consideration, with governments and corporations putting in stricter guidelines to cut back third-party dangers. Cyber resilience, quite than simply prevention, would be the new focus as companies work to cut back downtime and preserve operations operating even throughout superior persistent threats.
Shishir Kumar Singh – Group Head of Data Safety & Interim Group Data Privateness Officer (Advance Intelligence Group) AI-Pushed Safety Evolution: Each attackers and defenders will use AI to innovate, making the usage of adaptive risk intelligence important for detecting and responding to evolving threats.
Zero Belief as a Normal: Adoption will prolong into OT, IoT, and cloud ecosystems, pushed by regulatory and operational calls for.
Resilience Amid Complexity: Cyber resilience will change into a board-level precedence, emphasizing restoration and continuity.
International Rules: Stricter guidelines on AI and information privateness will problem organizations to remain compliant.
Collaborative Safety: Elevated trade partnerships for intelligence sharing and tackling provide chain vulnerabilities.
Silvia Lam Ihensekhien – Director of Data Safety and Danger Administration (Swire Coca-Cola) This 12 months, I anticipate important development in Zero Belief Structure as organizations prioritize minimizing dangers from insider threats and data breaches. The concentrate on provide chain security will enhance because of the rising variety of cyber incidents focusing on third-party distributors. Moreover, we’ll see a state of affairs of “AI vs. AI,” the place AI enhances risk detection and response capabilities, however can be weaponized by attackers. New laws on information privateness will emerge, leading to companies adopting extra strong compliance measures. Lastly, the rise of distant work will proceed to drive demand for safe collaboration instruments and enhanced endpoint security options.
Suresh Sankaran Srinivasan – Group Head – Cyber Safety & Data Privateness (Axiata) In 2025, the explosion of assault surfaces pushed by AI-powered applied sciences, APIs, 5G+, and IoT will considerably problem organizational defenses. This surge will compel enterprises to rethink their methods round assault floor and vulnerability administration. Regulatory scrutiny will intensify, notably in ASEAN and South Asia, emphasizing the necessity for stronger alignment with trade requirements like NIST CSF 2.0. Organizations can even concentrate on integrating cybersecurity and information privateness, addressing the twin imperatives of defending delicate information and sustaining operational resilience. Lastly, organizations might want to make a essential shift from incident response to proactive risk response to cut back response fatigue and improve cyber resilience.
Yohannes Glen Dwipajana – SVP Head of Enterprise Safety (Indosat) The continuation of AI-based scams shall be extra broadly identified. Take over account approach utilizing Bypass-KYC-as-a-service shall be extra widespread supporting by three components: inadvertent uncovered biometrics, information leaked and breached PII (notably from ransomware assaults or different hacking actions), and misuse rising capabilities of AI. It is a risk into particular person digital impersonation through the use of new know-how because it advances, the fraudsters will preserve discovering new social engineering manner and mix with AI capabilities which helps them to be extra environment friendly and timelier when performing their actions.
Yuen Chee Lung – CISO, Know-how Danger Administration & BCM (AIA) In 2025, the event of cybersecurity management will concentrate on strengthening abilities that stretch past technical experience. Organizations will purpose to form leaders who can clearly convey cybersecurity dangers, methods, and implications to senior executives and board members. These leaders should additionally reveal robust capabilities in danger administration and strategic planning to make sure cybersecurity priorities are aligned with broader organizational objectives. By fostering such management qualities, organizations shall be higher positioned to handle rising threats, navigate regulatory necessities, and obtain sustainable development in an more and more advanced digital and regulatory atmosphere.
