Kuala Lumpur, 27 November 2024 – Palo Alto Networks, the global cybersecurity leader, today released its 2025 cybersecurity predictions for the Asia Pacific region, outlining five key trends that cyber practitioners can expect to unfold in the coming twelve months and position their organisations for a more secure future.
Organisations across the APAC region have emphasised embedding AI into business processes in 2024. This includes cybersecurity processes, where organisations and their adversaries are engaged in an AI arms race. But alarmingly, according to a recent PwC report, more than 40% of leaders say they do not understand the cyber risks posed by emerging technologies like Generative AI[1]. In 2025, AI will become central to cybersecurity strategy with organisations using AI to proactively mitigate risk. Crucially, they will also seek to secure their own AI models.
Simon Green, President, Asia Pacific and Japan at Palo Alto Networks:
“In 2025, our region will face a perfect storm of AI-driven cyber threats, escalating in scale, sophistication, and impact. The days of fragmented security approaches are over—organizations must pivot to unified platforms powered by transparent and trustworthy AI to stay ahead. As quantum attacks loom and deepfakes become mainstream tools of deception, businesses will either innovate or risk being outpaced by adversaries. The stakes have never been higher, and trust will be the ultimate currency in this new era of cybersecurity. Those who fail to adapt risk not just breaches but irreparable damage to their reputation and resilience.”
Sarene Lee, Country Manager, Malaysia, Palo Alto Networks, notes:
“As Malaysia continues its rapid digitalisation journey to become a regional hub, it will undoubtedly encounter growing pains. AI and quantum computing will bring innovations that critical sectors must adopt to stay competitive, yet these same advancements will also amplify cyber risks. In 2025, the AI arms race will reach new heights, making it easier for attackers to deploy sophisticated AI-driven tools, including ransomware-as-a-service kits, that will target Malaysian businesses with increased scale, frequency, and impact. As these AI-powered cybercrime tools become more accessible, Malaysian enterprises will need robust, AI-driven unified data platforms to counteract and gain an edge in the war on cybercrime.”
From the anticipated surge in high-impact cyber attacks to the integration of quantum AI for energy-efficient solutions, these predictions for 2025 serve as essential guidelines for organisations to shape their cybersecurity strategies and maximize the potential of AI technologies.
In 2025, the organisations will address increased complexity by reducing the number of cybersecurity tools in use, and shifting to a unified platform, offering enhanced visibility and control. The ongoing cyber skills shortage will continue to accelerate this trend. A unified platform will provide end-to-end visibility and context, spanning code repositories, cloud workloads, networks, and SOCs. Ultimately this creates a more holistic security architecture with fewer dashboards. The convergence of all security layers onto a unified platform will optimise resources, improve overall efficiency, and enable organisations to build more resilient, adaptive defences against evolving threats
Deepfakes are already being used for nefarious purposes in the APAC region. While some have been used to spread political misinformation, the most effective attacks have targeted corporations for financial gain, like the employee at a Hong Kong engineering firm duped into wiring millions of dollars to a scammer who had used deepfakes to imitate the CFO and executive team on a video conference.
Savvy criminals will take note and use ever-improving generative AI technology to launch credible deepfake attacks. The use of audio deepfakes will also become more widespread in these attacks, as the available technology allows for highly credible voice cloning. We can expect deepfakes to be used alone or as part of a larger attack much more often in 2025.
Quantum computing projects are spreading across the region, with governments and venture capital firms investing heavily in local initiatives.
While quantum attacks on widely used encryption methods are not yet feasible, nation-state-backed threat actors are expected to intensify their “harvest now, decrypt later” tactics, targeting highly classified data with the intent to unlock it when quantum technology advances. This poses a risk to governments and businesses, with the potential to jeopardise civilian and military communications, undermine critical infrastructure, and overcome security protocols for most internet-based financial transactions. We will likely also see nation state actors target organisations developing quantum computers themselves, in corporate espionage attacks.
To counteract these threats effectively, all organisations will need to act and adopt quantum-resistant defences, including quantum-resistant tunnelling, comprehensive crypto data libraries, and other technologies with enhanced crypto-agility. The National Institute of Standards and Technology (NIST) recently released final standards for post-quantum cryptography. Transitioning to these algorithms will help secure data against future quantum threats. Organisations that require high security should explore quantum key distribution (QKD) as a means of ensuring secure communications. As quantum computing continues to become more and more of a reality and potential threats loom, it will be essential to adopt these measures to keep pace with the rapidly evolving cyber landscape, prevent data theft, and ensure the integrity of their critical systems.
For now, CIOs can debunk any hype around this topic to the board. Though significant progress with quantum annealing has been made, military-grade encryption has still not been broken.
Regulators in the APAC region are starting to zone in on the data protection and cybersecurity implications of the growing use of AI models. This is part of an overall bid to build trust in AI use and encourage AI-driven innovation.
In 2025, APAC legislators’ AI focus on ethics, data protection and transparency, will remain, However, increased use of AI models will lead to greater emphasis being placed on AI security and the integrity and reliability of the data being used. Transparency and proactive communication about AI model mechanics—specifically regarding data collection, training datasets, and decision making processes—will be essential for building customer trust.
In 2025, organisations can be expected to focus more on product integrity and supply chain resilience. Specifically, they will conduct much more thorough risk assessments, consider accountability and legal implications of business outages and review insurance arrangements.
In cloud environments, where complexity and scale amplify risks, real-time visibility has become a necessity. Expect to see greater focus on comprehensive monitoring involving continuous tracking of both infrastructure and application performance metrics.
To hear from Palo Alto Networks global leaders on what to expect in AI and cybersecurity and read more about what else Palo Alto Networks predicts in 2025, visit here.
[1] https://www.pwc.com/bm/en/press-releases/pwc-2024-global-digital-trust-insights.html