Balancing AI Growth and Security: ASEAN’s Path Forward
When AI's Transformative Potential Is Put at Risk by Lax Cybersecurity

As ASEAN’s digital economy races toward a projected value of USD $1 trillion by 2030—and potentially double that with the ASEAN Digital Economy Framework Agreement (DEFA)—the transformative potential of Artificial Intelligence (AI) risks being compromised by a lax cybersecurity approach.
Our region has witnessed a sharp rise in cyber threats, with attacks rising in scale and sophistication. Singapore’s latest cyber landscape shows phishing and ransomware as dominant threats and a sharp uptick in infected systems, while Malaysia ranked among the top in Southeast Asia for web-based threats last year.
The rapid adoption of AI is introducing new vulnerabilities. Unsurprisingly, 66% of organisations expect this to have the most significant impact on cybersecurity in the year to come, according to Global Cybersecurity Outlook 2025. However, only 37% of these organisations have processes to assess the security of AI tools before deployment, revealing the gap between rapid AI implementation without necessary cybersecurity safeguards and the recognition of AI-induced risks.
Evolving Cyber Threats Require Evolving Solutions
As enterprises deploy AI at scale, attackers are evolving their tactics by exploiting vulnerabilities in these models, targeting proprietary data, and leveraging phishing campaigns to infiltrate systems. IBM’s 2025 X-Force Threat Intelligence Index revealed that 84% of phishing emails now deliver infostealers, and 30% of breaches stem from abuse of valid accounts.
The economists argue for action. At USD $4.44 million on average per breach and a world-leading 34% of global cybersecurity incidents happening to Asian enterprises, the stakes have never been higher. Encouragingly, governments are acting: the ASEAN Cybersecurity Cooperation Strategy (2021–2025) advances information-sharing and joint readiness, while Singapore’s Cybersecurity Act and Malaysia’s National Cyber Security Agency (NACSA) are designed to strengthen enforcement and resilience.
While policy-level initiatives provide the framework and impetus, it is AI itself which presents a powerful opportunity to strengthen our cyber defences. Today’s mature AI algorithms can contextualise vast volumes of data—from raw signals to behavioural patterns—enabling security teams to detect threats faster and respond with precision. At IBM, we’re pioneering generative AI use cases that not only enhance threat detection but also automate response workflows, freeing up valuable time and improving overall resilience.
IBM-Recommended Playbook for AI Security
From our extensive work and expertise in securing our clients cyber signatures, here is a pragmatic playbook for ASEAN businesses to consider:
- Secure-by-design AI: Treat AI systems (models, data, prompts, agents) as critical assets—inventory them, restrict access, monitor usage, and red-team continuously.
- Identity-first protection: Roll out phishing-resistant authentication, close authentication gaps, and monitor for infostealers and credential abuse across endpoints and cloud.
- Automate the Security Operations Center: Use mature AI plus gen AI to accelerate investigations, cut alert fatigue, and keep cybersecurity professionalsin the loop and in charge.
- Invest in skills, jointly: Expand public-private talent programs and regional information-sharing under ASEAN frameworks.
At IBM, we believe the future of cybersecurity lies in the fusion of mature Artificial Intelligence, generative innovation, and automation—empowering security teams to stay ahead of threats, protect critical assets, and build trust in a digital-first world. As ASEAN’s digital economy scales new heights, let’s ensure our cybersecurity posture rises with it. In the race to harness this game-changing innovation, security shoudn’t be an afterthought but rather the foundation.



