Data and Cybersecurity in ASEAN

Privacy and Security Interdependence: "You cannot have security without privacy and vice versa, you cannot have privacy without security," as mentioned by Togio, Prakorn Chayanuwat, Group Data Protection Officer (Group DPO) Head of Data Governance, PDPA Compliance & DPO/Privacy Office, BDMS Group 2 – BNH Hospital and Samitivej Hospitals Group underscores the interconnected nature of privacy and security. It highlights the importance of considering both aspects in cybersecurity and data management strategies. Reflecting on privacy management is essential in ensuring a holistic approach to cybersecurity and privacy in digital transformation efforts.

Sharing Session :

Ministry of Communication and Information Technology (KEMKOMINFO) - Introduction to Indonesia, overview and advice on doing business in local market
National Cyber and Crypto Agency (BSSN) - Indonesia’s Cyber Security Policy and Regulation Landscape
Indonesian Chamber of Commerce and Industry (KADIN) - Overview of KADIN & Latest developments on cybersecurity policies, developments
Sharing of Telkom Indonesia’s Cyber Security Business Solutions
Sharing of Astra Financial’s IT Priorities
PLN ICON + - Discussion on Cybersecurity Priorities for Indonesia’s Critical Infrastructure
Jakarta Smart City - Sharing on e-government and Digitalisation for Public Services in Indonesia

In the dynamic landscape of cybersecurity, the responsibility for safeguarding an organisation's digital assets transcends traditional boundaries. While rooted in the IT domain, cybersecurity is not solely the purview of technology professionals. Instead, it has evolved into a shared responsibility that spans across the entire business landscape.
Effective cybersecurity demands a collaborative approach, where IT professionals and business leaders work hand-in-hand to create a robust defence strategy. It necessitates a shared understanding of risks, proactive measures to fortify digital infrastructure, and a commitment to fostering a cybersecurity-aware culture throughout the organisation.
Despite governmental initiatives, the collective effort remains imperative to forge a cyber-resilient society. Holistic cyber hygiene practices, continuous learning, collaboration, and information sharing are vital components of this collective endeavour.

Cloud Adoption and Security: A Delicate Balance

Cloud adoption offers scalability and flexibility but introduces new security challenges and may not guarantee long-term cost savings. Regulatory constraints often necessitate a hybrid approach, combining cloud and on-premise resources. This complexity underscores the need for a dedicated cloud security strategy and specialized expertise to manage third-party configurations effectively.

The Rising Importance of Identity Security

The rise of cloud environments has elevated identity-related threats to a primary cybersecurity concern. Organizations must prioritize identity security by implementing zero-trust models to prevent unauthorized access. Managing identity security demands a sophisticated blend of technology, processes, and expertise, along with constant vigilance against evolving threats.

AI In Cybersecurity: A Double- Edge Sword

Artificial Intelligence is transforming cybersecurity, offering enhanced threat detection and response capabilities while also presenting new challenges. While AI improves security measures, it requires human oversight for accuracy and context. Simultaneously, adversaries are leveraging generative AI to create more sophisticated social engineering attacks and efficient malware, highlighting the evolving nature of cybersecurity threats.

Cyber Security Talent Gaps

Both Malaysia and the Philippines face shortages of skilled professionals, prompting government-led initiatives to train thousands in AI-driven threat detection, cloud security, and digital trust.

AI in Cyber Resilience

AI is streamlining security operations by automating log analysis, enhancing digital forensics, and improving real-time threat detection, but concerns over ethical deployment and governance remain.

Regulatory Challenges and Compliance

Malaysia’s Cyber security Act 2024 and the Philippines’ data sovereignty policies are reshaping compliance requirements for businesses, particularly in cloud security and AI adoption.

Emerging Cyber Threats

Fraud, deepfakes, and AI-powered cyberattacks are rising, pushing enterprises to invest in AI/ML-based security solutions to enhance detection and response capabilities.

Digital Trust and AI Governance

Strengthening digital trust is a key priority, with governments focusing on certification programs, AI security testing, and regulatory frameworks to balance innovation with risk mitigation.

Multi-Vendor Approaches and Vendor Transparency

In today's complex cyber threat landscape, a multi-vendor approach is crucial. It enhances resilience but requires careful integration. Vendor transparency is key - challenge them to simulate real attacks during evaluations for better decision-making and stronger defenses.

The Role of AI In Cybersecurity

AI is becoming a game-changer in cybersecurity, enhancing threat intelligence, anomaly detection, and operational efficiency. It's particularly effective in combating alert fatigue and adapting to rapidly evolving attack vectors. However, the adoption of AI isn't without challenges, as it introduces new concerns around securing AI models and maintaining data integrity.

Incident Response and Recovery

In today’s threat landscape, organisations must assume breaches will occur and focus on developing robust response and recovery plans.

Building Resilience in a Dynamic Threat Landscape

In today's dynamic threat landscape, cyber resilience requires a multi-faceted approach. Key strategies include multi-vendor solutions, AI integration, proactive incident response, and addressing skills gaps. Staying aware of geopolitical factors is crucial. This tech-driven, collaborative approach helps organizations defend against current threats and adapt to future challenges

Talent Shortages in Cybersecurity

A live poll with leaders from Malaysian enterprises identified the lack of cyber security talent ( voted by 56%) as a critical barrier to effective risk management. Participants emphasised the need for public-private collaboration to attract, develop, and retain talent. Proactive strategies included investments in Security Operations Centres (SOCs) and partnerships with external cybersecurity experts to close the skills gap.

Complexity of Cloud Security

As businesses increasingly migrate to cloud-based environments, managing cyber security has become more complex (as indicated by 53%). Leaders emphasised the need for a comprehensive security fabric that can protect data across multiple platforms and service providers. The discussion highlighted the importance of implementing a hybrid approach, combining on-premises and cloud-based security solutions to create a robust defense against cyber threats.

Standardising Practices for Resilience

A recurring theme throughout the discussion was the urgent need for standardised cyber security practices across industries. Participants agreed that collaboration between public and private sectors is crucial for developing effective strategies to combat cyber threats. The recent implementation of the Cyber Security Act 2024 in Malaysia was cited as a significant step towards establishing a unified framework for cyber security governance.

Building a Unified and Resilient Ecosystem

As cyber threats continue to evolve, proactive collaboration between industries is crucial. By fostering partnerships, standardising best practices, and adopting cutting-edge technologies, organisations can effectively mitigate risks and enhance resilience. The workshop served as a vital platform for knowledge sharing, bringing together diverse perspectives to address one of the most pressing challenges in today’s digital economy.

AI as an Enabler and a Challenge
AI is transforming IAM, fraud detection, and threat intelligence by automating risk analysis and detecting anomalies, but concerns over ethical AI deployment remain.
Mitigating Human-Centric Cybersecurity Risks
Human errors remain a major vulnerability. A "trust by design" approach and continuous security education are essential for reducing risks like phishing and insider threats.
Transparency and Privacy as Pillars of Digital Trust
Companies must proactively communicate data practices and comply with evolving regulations to strengthen consumer trust and ethical AI governance
Integrating Cybersecurity with Business Strategy
Embedding cybersecurity into business strategy helps mitigate financial losses, protect brand reputation, and prevent operational disruptions from cyber threats.
Navigating a Complex Threat Landscape
Businesses must invest in quantum-resistant encryption, agile security frameworks, and continuous monitoring to stay ahead of emerging cyber threats.
The Role of Collaborative Ecosystems in Strengthening Digital Trust
Information sharing and joint threat intelligence initiatives will enhance cybersecurity resilience, requiring stronger partnerships across industries and governments.

In collaboration with CyberSG TIG Collaboration Centre and SGTech, AIBP launched the 𝗠𝗮𝗹𝗮𝘆𝘀𝗶𝗮 𝗖𝘆𝗯𝗲𝗿 𝗘𝘅𝗽𝗼𝗿𝘁 𝗣𝗹𝗮𝘆𝗯𝗼𝗼𝗸 at the Malaysia Playbook Clinic—a fresh guide for Singapore-based cyber security companies looking to explore Malaysia’s market. We covered updates on the 𝘊𝘺𝘣𝘦𝘳 𝘚𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘈𝘤𝘵 2024, 𝘉𝘶𝘥𝘨𝘦𝘵 2025, and the 𝘪𝘮𝘱𝘭𝘪𝘤𝘢𝘵𝘪𝘰𝘯𝘴 𝘰𝘧 𝘑𝘰𝘩𝘰𝘳 𝘚𝘪𝘯𝘨𝘢𝘱𝘰𝘳𝘦 𝘚𝘱𝘦𝘤𝘪𝘢𝘭 𝘌𝘤𝘰𝘯𝘰𝘮𝘪𝘤 𝘡𝘰𝘯𝘦.

Securing Emerging Technologies: Leveraging AI for predictive threat detection and flexible security solutions protects emerging technologies

Building Cyber Resilience: Adopting continuous monitoring, agile incident response, and integrated IT-OT security measures enables organisations to quickly recover from disruptions and maintain operational continuity.

Strengthening Identity & Access Management: Implementing a zero-trust approach with multi-factor authentication and AI-driven risk analysis minimises internal vulnerabilities and secures both employee and customer identities.

Looking Ahead: Embedding cyber security into core business strategies through strategic investments and collaborative partnerships drives agile decision-making and sustainable growth.

This report highlights the critical cybersecurity focus areas for ASEAN businesses. Some findings include:

From 2018 to 2023, there has been a substantial rise in the number of organisations that have fully implemented digital transformation initiatives, growing from 35.8% to 63.2%.
Phishing attacks (42.9%), malware and ransomware attacks (37.0%), and a shortage of cybersecurity talent (37.0%) are among the top concerns.
Over the next two years, organisations plan to focus on digital transformation and security (45.4%), intelligence and awareness (40.3%), and cloud security and infrastructure protection (38.7%).
46.2% of organisations plan to increase their cybersecurity budgets in the next 12 months, although a significant portion of organisations are currently spending less than they believe is necessary.

As ASEAN organisations rapidly advance in digital maturity, they must strategically prepare for escalating cybersecurity challenges. Success in this digital era hinges on aligning security measures with business objectives and emerging threats. By prioritizing robust cybersecurity strategies and adequate resource allocation, ASEAN enterprises can safeguard their digital assets, ensure business continuity, and drive growth in an increasingly complex threat landscape.

This report highlights key Identity Access Management (IAM) and Privileged Access Management (PAM) strategies for businesses in Southeast Asia

Cybersecurity threats in Southeast Asia and the growing need for IAM and PAM
Key benefits of IAM and PAM in protecting identities and privileged accounts
Compliance insights: Meeting regional regulations like Singapore’s Cybersecurity Act and Malaysia’s Personal Data Protection Act
Enhancing security for multi-cloud and hybrid environments in Southeast Asia
Real-world case studies from regional enterprises

Cyber Security in the Philippines: AI Enhanced Security through PlatformsThis report highlights the critical aspects of cyber security in the context of ASEAN's economic growth and digital transformation, specifically focusing on the Philippines:

Understanding the interplay between economic -growth and cybersecurity needs
Identifying key challenges and emerging trends in cybersecurity
Evaluating budget allocation strategies for effective cybersecurity measures
Comparing platform solutions with best-of-breed approaches
Assessing the current state of cybersecurity implementation in the Philippines
Prioritising areas for improvement in cybersecurity practices
Modernising cybersecurity frameworks to meet evolving threats
Recognising key drivers for the adoption of Secure Access Service Edge (SASE) technology

As ASEAN continues to advance digitally, it is imperative for businesses to prioritize robust cybersecurity strategies that align with their growth objectives. This report underscores the importance of addressing vulnerabilities and enhancing defenses to safeguard digital assets. By focusing on comprehensive assessments and strategic investments, organizations in the Philippines can strengthen their cybersecurity posture, ensuring resilience and competitiveness in an increasingly interconnected landscape.

With the rapid evolution of generative AI, the nature of cyber threats is becoming more complex. Experts warned that conventional security measures are no longer sufficient against AI driven threats such as adaptive malware and highly sophisticated phishing campaigns. To build resilience, organisations must adopt multi-layered defence strategies, invest in upskilling cybersecurity teams, and deploy advanced monitoring systems capable of real time threat detection and mitigation. Cyber resilience now demands not only technical sophistication but also proactive risk management and the agility to respond to an ever changing threat landscape.

The panel highlighted the evolving cybersecurity challenges across critical sectors like energy, finance, and utilities. Key insights included the growing complexity of cyber threats, particularly in operational technology (OT) systems with legacy infrastructure, and the potential of AI to enhance threat detection and security operations. The panelists from PETRONAS, PNB, and TNB emphasized the importance of the new Cybersecurity Act, which sets baseline standards, and stressed the need for a holistic approach to cybersecurity that includes top-down organizational support, continuous threat hunting, and talent development. They discussed the blurring lines between IT and OT systems, the risks of dormant malware, and the critical role of AI in simplifying security analyst tasks and detecting sophisticated attacks that traditional tools might miss.Panellists reinforced that frameworks such as Zero Trust architecture and exposure management must become standard practice, particularly as ASEAN nations scale their Industry 4.0 and smart grid initiatives.

Key Takeaways

Identity is the new perimeter. Threat actors are increasingly bypassing MFA protocols and targeting mobile endpoints. As a result, device-based and context-aware identity management is becoming a critical line of defense.
Sector-specific risk requires tailored strategies. Effective cybersecurity cannot be one-size-fits-all. Organizations must adapt their protection models to fit the operational realities of each business unit, geography, and threat environment—often balancing global standards like NIST with local regulations.
Governance, risk, and compliance (GRC) at scale is a major challenge. Organizations with diverse business portfolios face the complex task of applying centralized security standards while enabling decentralized execution. Striking this balance is key for both agility and accountability.
IAM maturity is foundational to resilience. Retrofitting identity architecture late in the game carries high cost and risk. Modern best practices demand federated, pluggable IAM frameworks and embedded mobile app protections as standard.
Resilience isn’t just IT—it’s business strategy. Building resilience means having strong asset visibility, clear risk prioritization, and well-rehearsed cross-functional response capabilities. Empowering business units through training and cyber drills enhances organizational response beyond the IT perimeter.
AI brings significant opportunity—and risk. As GenAI and other technologies accelerate, organizations that haven’t laid a foundation in identity security, cyber hygiene, and data governance may struggle to use AI securely and effectively.

Key Takeaways

AI-powered, highly personalized phishing and social engineering remain top evolving threats — this is consistent with reports referencing AI-driven cyberattacks targeting Indonesia.
For banks and mining, emphasis on robust recovery plans, regular backups, and continuous cyber awareness aligns with sector-specific resilience discussions in the transcript.
Resource constraints for SMEs needing priority-focused, right-sized cybersecurity measures is a recurring topic in Indonesia’s market due to limited budgets and skilled staff.
Lasting resilience grounded in basics like data governance, security testing, and zero trust principles matches the transcript’s focus on fundamentals rather than chasing every new tech trend.
Collaboration, public education, talent development, and protecting vulnerable groups as pillars of collective resilience also strongly echo the government and private sector partnership emphasis within the transcript.

Key Takeaways

Rising Cyber Threats: The Philippines continues to face increased ransomware incidents, phishing, and AI-powered social engineering attacks, particularly targeting SMEs, BPOs, finance, and healthcare sectors.
Data Breaches: Significant breaches affecting financial services, healthcare, and digital payment systems highlight supply chain vulnerabilities and cloud misconfigurations as ongoing risks.
Identity and Network Resilience: Organizations are focusing on strengthening identity intelligence and network resilience, with AI playing a growing role in risk-based access and behavior anomaly detection.
Regulatory and Market Growth: With accelerating digital adoption, the cybersecurity market in the Philippines is expected to grow substantially, driven by government regulations, increased cloud use, and demand for robust security services.
Talent and Awareness: Cybersecurity workforce development and awareness remain critical as complex attacks require skilled professionals and informed users.
Collaboration and Vendor Partnerships: Emphasis on selecting the right cybersecurity partners to tailor solutions to local market needs and protect business continuity.

Cyber Security concerns are the Top of Mind for ASEAN Enterprises

ASEAN Cybersecurity Policies | Roadmap

Cyber Security is a key discussion point at AIBP activities

Cybersecurity and Risk Management in Thailand

Managing Digital Risks in Indonesia

Balancing Innovation & Security in Vietnam

Readiness of Malaysia's Data and Cybersecurity Ecosystem

Prevention, Detection and Response in Thailand’s Cybersecurity Landscape

Building a Safe Secure Digital Future for Vietnam

2023 AIBP Malaysia Advisory Board Meeting

Cyber Security Leaders Sharing their Insights include:

Together with

Knowledge Sharing & Networking Activities

Knowledge Sharing and Networking co-hosted with The Royal Thai Police

Networking Lunch and Knowledge Sharing co-hosted with CrowdStrike

Networking Lunch and Knowledge Sharing co-hosted with CrowdStrike

Networking Lunch and Knowledge Sharing co-hosted with Zscaler

Access the Full AIBP Content Hub

Get access to the entire library of content including videos, reports, focus group discussions, and invitations to innovation-focused networking events throughout ASEAN

Connect with Us!

Cybersecurity Trade Mission - Indonesia

Axiata Group: Navigating Cyber Risks in a Fast- Changing Digital Landscape

AIBP ASEAN B2B Growth Podcast

Roundtable Workshop with CyberSecurity Malaysia

Building Cyber Resilience: Strategies for Cybersecurity Preparedness and Recovery​

Managing Risks in the Digital Age, Thailand

Panel Discussion and Private workshop on Cyber Resilience

Managing Risks in the Digital Age, Indonesia

Managing Risks in the Digital Age, Malaysia

Panel Discussion and Private workshop on Cyber Resilience & the Latest Cybersecurity Act

Navigating Digital Risks in the Philippines

Axiata Group: Driving Digital Innovationwith a Robust Risk Strategy

In this episode, Mr. Abid Adam, Chief Risk and Compliance Officer at Axiata Group, shares his journey from South Africa to Malaysia. He discusses the concept of Ubuntu and his role in leading digital transformation, cybersecurity, data privacy, and ESG initiatives.

AIBP ASEAN B2B Growth Podcast

Future Proofing Cyber Defense & Sentinels: Mastering Tomorrow's Threat

Building AI Driven Cyber Resilience in Malaysia and the Philippines

Hybrid Workshop with Cybersecurity Malaysia, National Cybersecurity Agency Malaysia

AIBP ASEAN Innovation Retreat

Cyber Armour: How AI and Multi Vendor Strategies Shield Against Evolving Threats

Fortifying the Digital Fortress: Strategies for Cyber Resilience

The Evolution of Digital Trust in the Age of AI

𝗘𝗺𝗽𝗼𝘄𝗲𝗿𝗶𝗻𝗴 𝗖𝘆𝗯𝗲𝗿 𝗘𝘅𝗽𝗮𝗻𝘀𝗶𝗼𝗻: 𝗧𝗵𝗲 𝗠𝗮𝗹𝗮𝘆𝘀𝗶𝗮 𝗖𝘆𝗯𝗲𝗿 𝗘𝘅𝗽𝗼𝗿𝘁 𝗣𝗹𝗮𝘆𝗯𝗼𝗼𝗸

Zero Trust: From Buzzword to Best Practice for the Modern Enterprise

Securing Digital Future: Cyber Security and Resilience in the AI Era

Cybersecurity in ASEAN: Navigating the Evolving Threat Landscape

Securing Access in Southeast Asia:Identity Access Management & Privileged Access Management Trends and Strategies

Cybersecurity in the Philippines

Responsible AI, Strategic Readiness, and Cyber Resilience in Focus

Sustainable, Secure, and Skilled: Building Malaysia's Digital Future

Cybersecurity Leaders Align on Resilience, Identity & Governance Amid Emerging Threats

Facing Digital Threats: Indonesia's Stategy for Cybersecurity

Navigating Cyber Challenges in the Philippine

Roundtable Workshop with
CyberSecurity Malaysia

Building Cyber Resilience: Strategies for Cybersecurity Preparedness and Recovery

Axiata Group: Driving Digital Innovation
with a Robust Risk Strategy

Securing Access in Southeast Asia:
Identity Access Management & Privileged Access Management Trends and Strategies