Palo Alto’s Cybersecurity Benchmark Study Reveals Cyber Budgets Up, AI Gaps Remain

Palo Alto Networks, the world’s leading Artificial Intelligence (AI) cybersecurity company, recently released their 2025 Cybersecurity Resilience in Mid-Market Organisations, a benchmark study, offering a first-of-its-kind view into how mid-market organisations across Asia-Pacific and Japan are evolving their cybersecurity capabilities in the face of growing threats and accelerating digital transformation.

While mid-market organisations in the Asia-Pacific and Japan are making tangible progress in strengthening their cybersecurity posture, Palo Alto Networks found that key challenges remain. Many organisations are still in the early stages of operationalising AI within their security workflows, and gaps persist in areas such as incident recovery and cyber resilience. Additionally, the complexity of managing multiple tools and fragmented environments continues to hinder efficiency. Addressing these issues will require a more unified, platform-based approach that integrates AI-driven capabilities to enhance performance, streamline operations, and strengthen protection across the board.

“Cybersecurity has become a business imperative for Malaysian organisations, as growing digital complexity and AI-powered threats demand a more unified approach,” said Sarene Lee, Country Director, Malaysia at Palo Alto Networks. “Our benchmark study shows that while investment is on the rise, many are still managing fragmented security environments. To keep up, organisations must consider platformisation that brings together tools, teams, and intelligence in a more integrated way. Partners will also be part of this journey by helping organisations simplify operations, enhance visibility, and strengthen outcomes.”

Malaysia Key Findings from thePalo Alto Study

• Malaysia’s maturity lags the region: Malaysia’s benchmark score sits at 19.54, the second lowest in Southeast Asia, pointing to opportunities for stronger execution and alignment. This benchmark signifies how organisations assess their maturity across five areas, including strategy execution, operational performance, and alignment to the NIST 2.0 framework.
• Tool usage is low but expected to increase: Organisations in Malaysia use an average of 4.5 core cybersecurity vendor solutions today—the lowest in Southeast Asia (tied with Singapore)—but this number is expected to increase to 5.9 in 24 months.
• Protecting digital assets is a key priority for Malaysian firms: Malaysian firms now spend 14.5% of their revenue on cybersecurity, which is the second highest in Southeast Asia. Investments are prioritised in data protection, security software, and training. Adoption of the NIST 2.0 framework still has room to grow, with low scores in benchmark categories like Govern and Response, but Malaysia performs better in Detect, ranking third in the region.
• Partner reliance is set to climb: The number of Malaysian organisations working with partners is projected to grow by nearly 50%, from 55% today to 82% in the next 24 months.

Key Regional Highlights of Palo Alto Study

• Indonesia leads the Southeast Asia region with a score of 20.65, followed by the Philippines (20.21).
• Japan trails the region with a score of 16.67, pointing to a greater need for investment in cybersecurity capabilities and organizational alignment.
• Countries like China, Vietnam, and Malaysia are showing strong momentum in both investment and framework adoption.

“The research indicates that mid-market organisations in the region have made notable advancements in strengthening their cybersecurity posture,” said Tim Dillon, Founder, Director, Principal Analyst End User at Tech Research Asia. “However, there remains substantial opportunity for partners to support continued progress, particularly in the areas of workforce education and training, identity and access management, and application and data security.”

“We’re seeing a promising increase in cybersecurity investments among Malaysian organisations, which marks an encouraging shift,” Lee added, “But as digital environments grow more complex, it’s clear that adding more tools isn’t enough. That’s why we need to start talking about platformisation. By integrating capabilities into a unified platform, organisations can build a  more secure, seamless, and scalable cyber defence strategy.”

The Cybersecurity Benchmark for Asia-Pacific and Japan, developed by Palo Alto Networks in collaboration with Tech Research Asia (TRA), surveyed over 2,800 mid-sized organisations across 12 countries and a range of industries. It offers a snapshot of the region’s cybersecurity maturity and provides practical guidance for improvement. With evaluating performance across five key areas; strategy execution, business integration, operational capabilities, solution maturity, and NIST 2.0 framework adoption, the average score was 19.01 out of 25. \

While this indicates a moderate level of maturity, the findings reveal clear opportunities to strengthen AI readiness, boost ransomware resilience, and advance framework implementation. This Tech Research Asia Insights Report Asia-Pacific and Japan Edition was commissioned by Palo Alto Networks and completed in April 2025.

For more information on Palo Alto Networks’ 2025 Cybersecurity Resilience in Mid-Market Organisations Study, visit: https://www.paloaltonetworks.com/industry/japac-mid-market-solutions