With novel technologies like artificial intelligence (AI), internet of things (IoT), blockchain and quantum computing gathering momentum, targeted disruptions, data theft and system sabotage are becoming dangerously widespread. According to an industry report there were twice as many cyberattacks in Southeast Asia (SEA) in 2024 as in 2023, with 92 per cent of the attacks being directed towards companies. Studies forecast a sustained increase in cyberattacks targeting SEA nations due to the region’s swiftly growing digital economy, changing geopolitical dynamics, regulatory frameworks, impending major events and recent cyber incidents.
A look at the regional trends, industry-wise threat landscape, evolving threat vectors, mitigation strategies and the way forward…
Regional cyberattack trends
According to the International Telecommunication Union’s (ITU) Global Cybersecurity Index, most countries in SEA have world-class cybersecurity measures in place. Indonesia, in particular, has emerged as a role model, securing a tier 1 rank globally in 2024 and scoring the full 20 points in all critical parameters – legal measures, technical measures, organisational measures, cooperation measures and capacity development. Malaysia, Singapore, Thailand and Vietnam also secured the tier 1 rank but had areas of potential growth. The Philippines secured a tier 2 rank; Brunei Darussalam came next, followed by Cambodia and Lao PDR.
Despite overall improvements in cyber resilience, industry estimates suggest that the number of cyberattacks in the region was significantly high. According to the Malaysian administration, cybercrime cases (numbering 35,368) – especially online scams – have increased dramatically over the last three years, with total losses expected to surpass RM 1.5 billion in 2024. Similarly, media estimates suggest that the Philippines’ Department of Information and Communications Technology (DICT) managed to prevent over 5 million attempts to compromise the cybersecurity of several government agencies last year. Border clashes in May 2025 between Cambodia and Thailand have escalated to cyberattacks, with government institutions reportedly being targeted by Cambodia’s AnonsecKh group and Thailand’s BlackEye-Thai group.
Most targeted industries
According to a recent report by CloudSEK, in 2024, the sectors most affected by cyberattacks were banking and finance, retail, government and e-commerce.
What makes the banking and financial institutions sector particularly vulnerable is the fact that it processes huge volumes of customer data, such as information pertaining to payment cards and personal details. The monetisation of cybercrime is intensifying, with ransomware-as-a-service models and the sale of exfiltrated databases on dark web marketplaces driving professionalisation within the cybercriminal ecosystem.
While insufficient cybersecurity measures expose small- and medium-sized businesses to malicious actors, government organisations are the target of hacktivists, state-sponsored cyber espionage groups and cyber warfare because they gather sensitive data – from citizens’ personal information to classified national security information. Further, critical infrastructure in the region faces challenges such as operational disruptions due to these attacks.
Common forms of attacks
According to industry estimates, malware – software that can harm computers or pilfer data – is the most common form of attack. In 2024, it accounted for 61 per cent of successful cyberattacks on organisations, followed by social engineering (24 per cent) and vulnerability exploitation (21 per cent). Similar patterns were seen in attacks on individuals, where vulnerability exploitation accounted for 23 per cent, social engineering for 46 per cent and malware for 69 per cent. Within malware, ransomware – a form of malware that can block data access – and remote access trojans (RATs) – malware that is downloaded on to a computer disguised as a legitimate program – were the most frequently used tools (42 per cent and 20 per cent respectively).
Building cyber resilience
Across SEA, governments are intensifying regulatory efforts to address the rising threat of cyberattacks. In the Philippines, Executive Order No. 58 formally adopted the Department of Information and Communications Technology’s National Cybersecurity Plan 2023-2028 in April 2024. Singapore amended its 2018 Cybersecurity Act in May 2024 to bolster protection for critical infrastructure and enterprises. Malaysia took a significant legislative step in August 2024 by enacting the Cyber Security Act, 2024 (CSA), which codifies regulatory standards to strengthen national cyber defence and bring Malaysia in line with regional peers. Similarly, in December 2024, Vietnam introduced Decree 147, compelling global tech firms operating in the country to verify user identities and provide user data to authorities.
In Brunei, the introduction of the Personal Data Protection Order (PDPO) in January 2025 marked a pivotal development in data governance. Thailand followed suit in January 2025 by implementing new cybersecurity measures that set baseline requirements for safeguarding critical information systems. In February 2025, Laos issued stringent regulations through its Ministry of Technology and Communications to secure telecommunications and internet infrastructure, with a strong focus on fraud prevention and operational integrity.
Cambodia introduced a draft cybersecurity law in November 2022 that aims to improve digital security and harmonise with international standards; it is still in the legislative phase. Indonesia is also in the process of formulating a Cybersecurity and Cyber Resilience Bill. In the interim, two Presidential Regulations – Perpres No. 47/2023 on National Cybersecurity Strategy and Crisis Management and Perpres No. 82/2022 on the Protection of Vital Information Infrastructure – guide national cybersecurity initiatives. Despite this, the archipelago secured 20 points for legal measures in the ITU’s Global Cybersecurity Index.
Collectively, these developments reflect a region-wide move to formalise cybersecurity frameworks. However, questions of practical implementation, civil liberties and compliance costs remain at the heart of the evolving regulatory discourse. While national strategies and regulatory reforms show a clear commitment to strengthening cybersecurity, their effectiveness is being tested by the accelerating pace of technological change, evolving threat actors and the need to balance robust security with civil liberties.
Emerging opportunities
Emerging technologies are fundamentally transforming the cybersecurity domain, presenting a mix of opportunities and challenges. AI and machine learning are increasingly deployed to improve threat detection and automate defensive responses, effectively managing risks while adhering to evolving regulatory frameworks. Similarly, blockchain technology is being embraced for its robust encryption capabilities, ensuring secure transactions and maintaining data integrity. In contrast, the rapid expansion of IoT devices introduces an array of new risks. As these connected devices proliferate, they enlarge the potential entry points for cybercriminals, leading to emerging threats such as deepfakes, data poisoning and model manipulation.
Addressing these contrasting dynamics calls for innovative security strategies and an agile approach to risk management. Ultimately, the region’s ability to build cyber resilience will depend not only on legislative initiatives but also on fostering a culture of vigilance, public-private partnerships and adaptive risk management strategies that can anticipate the next wave of digital threats.