Ransomware continues to be the most prevalent form of cyberattack in Asia Pacific, accounting for 51% of total breaches, according to Verizon Business's 2025 Data Breach Investigations Report. While nearly two-thirds of affected organizations globally refused to pay a ransom, those that did handed over an average of US$115,000 to cybercriminals.
"This year's report reinforces the growing complexity and persistence of cyber threats facing organisations worldwide. The rising incidence of breaches highlights the imperative for businesses to reassess their risk frameworks," says Robert Le Busque, regional vice president for Asia Pacific at Verizon Business.
In Singapore, nearly one in five organisations reported experiencing an average of one breach every other week, according to Rubrik Zero Labs's State of Data Security in 2025: A Distributed Crisis report. Notably, 75% of firms said attackers were able to partially compromise their backup and recovery systems, while 38% experienced total compromise.
Malware on endpoint devices (38%) was the most common attack vector, followed by phishing (32%), insider threats (31%) and breaches through cloud or software-as-a-service (SaaS) platforms (26%). With 91% of Singapore organisations using between two and five cloud platforms, attackers are exploiting weak identity and access management protocols to escalate ransomware attacks across environments.
Rubrik's telemetry also revealed that 27% of high-risk files contained sensitive digital credentials-such as API keys, usernames, and account numbers-making them attractive targets for identity-based attacks.
"The rise of cloud adoption, coupled with increasingly complex hybrid environments, is reshaping the landscape in which organisations operate in - presenting both opportunities and challenges. As more sensitive data moves to the cloud, cyberattackers are broadening their tactics to exploit hybrid cloud vulnerabilities, raising their chances of success. [Organisations therefore] require a data-first security approach - one that mirrors how attackers think, by proactively pinpointing and protecting an organisation's most critical data before it is compromised," says Sheena Chin, managing director for Asean at Rubrik.
See also: Identity fraud costs businesses an average of US$7 million annually
AI cyber threats
Although generative AI has yet to dominate the cyber threat landscape, its potential risks are becoming clearer.
Verizon's report noted that 15% of employees globally access generative AI platforms on corporate devices at least once every 15 days. Of those, 72% used non-corporate email addresses, while 17% relied on corporate emails without integrated authentication systems. This shadow usage of AI has created new risks around data leakage and identity compromise.
See also: AI-assisted scams on the rise, says Microsoft
In Singapore, CyberArk's 2025 Identity Security Landscape study found that 72% of organisations lacked identity controls for AI systems, and 55% admitted they couldn't monitor or secure unauthorised AI use.
The combination of these factors was probably why 81% of Singaporean organisations reported at least one successful identity-centric breach in the past year.
"The race to embed AI into environments has inadvertently created a new set of identity security risks centred around the access of unmanaged and unsecured machine identities - and the privileged access of AI agents will represent an entirely new threat vector," says Clarence Hinton, chief strategy officer at CyberArk.
He continues: "To stay resilient, CISOs and security leaders must modernise their identity security strategies to contend with a new and expanding attack surface characterised by the proliferation of identities with privileged access and made worse by damaging identity silos."
Besides identity-centric breaches, Check Point Software's AI Security Report 2025 also found that cybercriminals are weaponising AI in the following ways:
- LLM data poisoning and disinformation: Malicious actors manipulate AI training data to skew outputs. A case involving Russia's disinformation network Pravda showed AI chatbots repeating false narratives 33% of the time, underscoring the need for robust data integrity in AI systems.
- AI-created malware and data mining: Cybercriminals harness AI to craft and optimise malware, automate DDoS campaigns, and refine stolen credentials. Services like Gabbers Shop use AI to validate and clean stolen data, enhancing its resale value and targeting efficiency.
- Weaponisation and hijacking of AI models: From stolen LLM accounts to custom-built Dark LLMs like FraudGPT and WormGPT, attackers are bypassing safety mechanisms and commercializing AI as a tool for hacking and fraud on the dark web.
To counter the above-mentioned threats, Check Point advises organisations to adopt AI-aware cybersecurity frameworks. This includes leveraging AI to detect AI-generated threats and artifacts, such as synthetic phishing content and deepfakes, and equipping cybersecurity teams with the tools to recognise and respond to AI-driven tactics.
