25 on 2025: APAC safety thought leaders share their predictions and aspirations

athikom
Athikom Kanchanavibhu – Chief Info Safety Officer (Mitr Phol) 2025 appears like a sci-fi novel the place agentic AI transforms enterprise operations. But – like several story – there’s a twist: cyber-attackers are additionally levelling up, wielding AI in methods we’ve but to think about. Even with defences equivalent to prolonged detection and response (XDR), safe entry service edge (SASE), and next-generation firewalls; organisations should pause and ask: “Are we prepared for this new chapter?” The problem is twofold – utilizing AI to supercharge inside safety and defending in opposition to AI-powered threats whereas new assault vectors emerge round AI stacks, resembling a brand new battlefield. 2025 requires rethinking, recalibrating, and staying sharp – those that embrace the longer term gained’t simply preserve tempo however pull forward. carol
Carol Lee – Deputy Normal Supervisor, Cyber Safety & Threat Administration (Hold Lung Group) As we sit up for 2025, the function of cybersecurity professionals will more and more embody broader duties, significantly in knowledge privateness and AI governance. The convergence of those fields calls for that we not solely safeguard our digital belongings but additionally guarantee moral practices in AI improvement and deployment. Consequently, we will anticipate a widening expertise hole, necessitating the creation and availability of certification packages to equip professionals with the required competencies. This evolution might be vital, as organizations would require CISO who can navigate the advanced interaction between safety, privateness, and rising applied sciences, additional underscoring the urgency of this focus globally. cezary
Cezary Piekarski – Interim World Head ICS and World Head, ICS Shield (Normal Chartered Financial institution) 2025 will expose the hole between distributors’ willingness to mix AI options into software program, companies’ urge for food to undertake AI enhancements at tempo, and the power of expertise groups to safe new options. This would be the 12 months of exploration as early adopters be taught painful classes however new finest practices will emerge.
 
Maturity of deep-fake applied sciences will proceed to speed up in disinformation and cybercriminal operations, additional diminishing belief in digital channels. Organisations will initially reply with, normally futile, detections to then pivot in direction of new authentication mechanisms that can redefine boundaries of belief.
 
AI will cut back time-to-exploitation for brand new vulnerabilities, pushing organisations to rethink approaches for resiliency as patching earlier than exploitation turns into insufficient. Organisations might want to rearchitect key methods, to extend their means to isolate and remediate at tempo with out disrupting enterprise processes (doubtlessly with the help of AI). dominic
Dominic Grunden – Advisory Board Member and CISO (Smile Expertise) Conventional threats (ransomware, digital extortion, and social engineering) will proceed to extend, posing main dangers to organisations. Malicious actors will use GenAI to enhance effectivity, efficacy, and menace vectors. Most of those threats will come from the deep and darkish net the place they talk about and monetise using giant language fashions (LLMs) and artificial media.

Geopolitical developments and cyber warfare will considerably impression the cyber menace panorama, persevering with the sample of elevated convergence between the cyber and geopolitical ecosystems. Malicious actors will proceed to function with political partisanship, with cybercriminal teams aligning on both aspect of the geopolitical dispute.

Some organisations will evolve the CISO function with rising duties – into the Chief Digital Safety, Threat, and Resilience Officer or Chief Safety and Resilience Officer.

irfan
Irfan Amer bin Mohd Ismail – Chief Info Safety Officer (AEON Financial institution) The cybersecurity panorama in Southeast Asia might be considerably formed by AI-driven threats, resulting in a heightened concentrate on cloud safety and adherence to stricter knowledge privateness laws. Consequently, I count on Boards to undertake a extra proactive method, posing difficult questions on cyber resilience, knowledge safety and making certain that methods align with enterprise targets. Whereas AI provides sturdy defensive capabilities, it additionally introduces moral dilemmas and the chance of false positives, which have to be addressed thoughtfully. As a CISO, my major problem this 12 months might be balancing compliance and innovation to maintain up with the ever-evolving menace panorama. john
John Ang – Group Chief Expertise Officer (EtonHouse Worldwide Schooling Group) This 12 months, cybersecurity will concentrate on combating AI-powered assaults and deepfake threats, which might hurt organizational reputations. Instruments (e.g., CrowdStrike) are key for AI-driven menace detection, whereas zero-trust frameworks like Microsoft’s Zero Belief provide “robust” defenses.
 
Ransomware continues to evolve, and managing multi-cloud safety complexity requires unified options. Sufficient safety isn’t nearly employees coaching—it begins on the high. At EtonHouse, we’ve kicked off the 12 months with cyber coaching for our board and administration, reinforcing a safety tradition from management to frontline employees. Proactivity is vital in 2025. kah wee
Lim Kah-Wee – Director – Cost Fraud Disruption (Visa) AI will play a vital function in enhancing cyberfraud detection and personalizing fee experiences. Deep studying algorithms have gotten extra subtle, permitting real-time transaction evaluation for potential danger. The potential for the following era of AI to remodel the funds ecosystem – making it safer, smarter, and extra seamless – is huge and a vital issue for fulfillment of funds and different industries in 2025 and past.

In funds, id is the brand new encryption, setting requirements for safe, seamless transactions. Biometric authentication, like fingerprint or facial recognition, provides improved safety and comfort, displacing conventional authentication strategies.

michael
Michael Noticed – Regional CSO, Asia Pacific (Siemens Vitality) Cybercriminals are anticipated to take advantage of private knowledge and AI to hold out extra subtle assaults. Information breaches from earlier years have supplied cybercriminals with entry to considerably extra private knowledge. When mixed with AI-generated deep fakes, this knowledge will allow extra real looking and efficient phishing and spear-phishing campaigns in 2025. As human vulnerabilities proceed to be the weakest safety hyperlink, these assaults are prone to lead to further knowledge breaches or the compromise of vital management methods. Profitable spear-phishing assaults can have extreme penalties, particularly contemplating the privileged entry workers usually should delicate knowledge, monetary transactions, and bodily methods. ricky
Ricky Woo – Govt Director, CISO and Expertise Safety (DBS Financial institution) The cybersecurity panorama in 2025 will see a heightened concentrate on AI-driven threats and provide chain vulnerabilities. Adversaries are anticipated to leverage AI for hyper-personalized social engineering campaigns and adaptive malware, difficult conventional defenses. The rise of Ransomware-as-a-Service will develop the attain of subtle assaults, significantly focusing on resource-limited organizations. Provide chain dangers will draw elevated scrutiny as attackers exploit trusted relationships and vulnerabilities in extensively used software program. Moreover, early experimentation with quantum-resistant applied sciences alerts a paradigm shift, emphasizing the necessity for proactive, multi-layered defenses. Organizations should prioritize innovation, collaboration, and superior menace detection to navigate this evolving panorama. saiful
Saiful Bakhtiar Osman – Head of IT – Shared Providers (PNB Industrial) For 2025, we will be prioritizing IT Safety investments to higher align with the corporate’s imaginative and prescient and mission. Further focus might be given to the data and knowledge safety. All IT tasks which contain knowledge processing will embody the enterprise customers, as they’re the information proprietor. This synergy is predicted to drive enterprise forward, and materialised the anticipated ROI dedicated to the Administration. Concurrently, we’ll proceed to boost the IT Safety ecosystem, with reactive and proactive defence. Equally, steady schooling to all customers on the most recent cyber safety threats is important to construct a powerful IT Consciousness tradition. sakshi
Sakshi Grover – Senior Analysis Supervisor (IDC) By 2027, solely 25% of consumer-facing firms within the Asia-Pacific (excluding Japan) area will use AI-powered id entry administration (IAM) for customized, safe person expertise attributable to continued difficulties with course of integration and value issues.

Study extra right here:
IDC FutureScape: Worldwide Security and Trust 2025 Predictions — Asia Pacific (Excluding Japan) Implications

AI-Powered Cybersecurity: Navigating the Expanding Attack Landscape, Asia/Pacific CISO’s Concerns, Priorities and Investment Areas, and Strategic Vendor Support

sam
Sam Goh – Chief Info Safety Officer (DataX) An AI divide will emerge as area consultants maintaining with AI and efficiently implementing it of their business might be extra aggressive than conventional companies with out the assistance of AI.
 
In the meantime, hyperscalers are attaining new breakthroughs of their AI analysis – significantly within the agentic workflow and AGI, creating the following wave of AI capabilities. All companies might be busy determining how one can capitalise AI capabilities to attain productiveness features by displacing white collar roles to chop prices and enhance profitability in an more and more risky market.
 
Nevertheless, the cyber criminals will even more and more deploy these AI capabilities (since they don’t have a lot to lose or restricted by regulation to do AI Safety testing) to generate extra real-world impression and convey forth a brand new era of smarter AI-enabled assaults. shankar karthikason
Shankar Karthikason – Group Head of Cyber Safety Technique, Operation & Advisory (Averis) 2025 will see Quantum-Resistant Cryptography develop into essential as teams prepare for quantum computing. The APAC  will even pay extra consideration to AI-driven menace detection and response methods to struggle altering cyber threats. Moreover, provide chain safety will get extra consideration, with governments and corporations setting up stricter guidelines to scale back third-party dangers. Cyber resilience, quite than simply prevention, would be the new focus as companies work to scale back downtime and preserve operations working even throughout superior persistent threats. shishir
Shishir Kumar Singh – Group Head of Info Safety & Interim Group Information Privateness Officer (Advance Intelligence Group) AI-Pushed Safety Evolution: Each attackers and defenders will use AI to innovate, making using adaptive menace intelligence important for detecting and responding to evolving threats.
Zero Belief as a Normal: Adoption will prolong into OT, IoT, and cloud ecosystems, pushed by regulatory and operational calls for.
Resilience Amid Complexity: Cyber resilience will develop into a board-level precedence, emphasizing restoration and continuity.
World Rules: Stricter guidelines on AI and knowledge privateness will problem organizations to remain compliant.
Collaborative Safety: Elevated business partnerships for intelligence sharing and tackling provide chain vulnerabilities. silvia
Silvia Lam Ihensekhien – Director of Info Safety and Threat Administration (Swire Coca-Cola) This 12 months, I anticipate important development in Zero Belief Structure as organizations prioritize minimizing dangers from insider threats and knowledge breaches. The concentrate on provide chain safety will enhance as a result of rising variety of cyber incidents focusing on third-party distributors. Moreover, we’ll see a state of affairs of “AI vs. AI,” the place AI enhances menace detection and response capabilities, however can also be weaponized by attackers. New laws on knowledge privateness will emerge, leading to companies adopting extra sturdy compliance measures. Lastly, the rise of distant work will proceed to drive demand for safe collaboration instruments and enhanced endpoint safety options. suresh
Suresh Sankaran Srinivasan – Group Head – Cyber Safety & Information Privateness (Axiata) In 2025, the explosion of assault surfaces pushed by AI-powered applied sciences, APIs,  5G+, and IoT will considerably problem organizational defenses. This surge will compel enterprises to rethink their methods round assault floor and vulnerability administration. Regulatory scrutiny will intensify, significantly in ASEAN and South Asia, emphasizing the necessity for stronger alignment with business requirements like NIST CSF 2.0. Organizations will even concentrate on integrating cybersecurity and knowledge privateness, addressing the twin imperatives of defending delicate knowledge and sustaining operational resilience. Lastly, organizations might want to make a vital shift from incident response to proactive menace response to scale back response fatigue and improve cyber resilience. -
Yohannes Glen Dwipajana – SVP Head of Enterprise Safety (Indosat) The continuation of AI-based scams might be extra extensively recognized. Take over account approach utilizing Bypass-KYC-as-a-service might be extra frequent supporting by three components: inadvertent uncovered biometrics, knowledge leaked and breached PII (significantly from ransomware assaults or different hacking actions), and misuse rising capabilities of AI. This can be a menace into particular person digital impersonation by utilizing new expertise because it advances, the fraudsters will preserve discovering new social engineering approach and mix with AI capabilities which helps them to be extra environment friendly and timelier when performing their actions. chee lung
Yuen Chee Lung – CISO, Expertise Threat Administration & BCM (AIA) In 2025, the event of cybersecurity management will concentrate on strengthening expertise that reach past technical experience. Organizations will intention to form leaders who can clearly convey cybersecurity dangers, methods, and implications to senior executives and board members. These leaders should additionally display robust capabilities in danger administration and strategic planning to make sure cybersecurity priorities are aligned with broader organizational targets. By fostering such management qualities, organizations might be higher positioned to deal with rising threats, navigate regulatory necessities, and obtain sustainable development in an more and more advanced digital and regulatory surroundings.