Cyber Crime & ForensicPress Release

Report: Cybercrime Surging in Asia-Pacific as AI Adoption Creates New Vulnerabilities

Asia Becoming the Strategic Focus of Ransomware Groups, with Financial Services as the Hardest-Hit Sector

Asia-Pacific has become the fastest-growing hunting ground for cybercrime and ransomware groups worldwide, according to a new report from global cyber security and corporate intelligence firm S-RM and global stakeholder strategy firm FGS Global.

The cybercrime report reveals that more than 770 organisations across Asia-Pacific were named on ransomware leak sites last year—a 59% year-on-year increase—with ransomware accounting for 64% of all incidents the firm responded to in the region, significantly higher than the global average of 45%. Financial services was the hardest-hit sector, accounting for 20% of cases in Asia-Pacific.

Cybercrime Is Surging

The surge in cybercrime is being driven by rapid digitalisation across the region, which has vastly expanded the attack surface that attackers can target. All businesses—irrespective of size—adopting online infrastructure and cloud-based services are being targeted, with SMEs most likely to be lacking the cyber maturity to defend against evolving ransomware tactics. At the same time, the introduction and enforcement of stricter data-breach and privacy regulations across Asia—mirroring the pattern seen in Europe following regulations such as GDPR—have given threat actors additional leverage, with attackers now routinely threatening to expose sensitive information in ways that could trigger regulatory penalties.

The cybercrime report identifies a wave of new ransomware groups that appear to have made Asia-Pacific a strategic focus. Groups including NightSpire, Dire Wolf, Gentlemen, and Crypto24—all first observed in 2025—directed between 31% and 50% of their attacks at organisations in the region. Meanwhile, Qilin, the most prolific ransomware group globally with over 1,150 publicly disclosed victims last year, was also the most active group targeting Asia-based organisations.

Lester Lim, Regional Head, APAC, Cyber Security at S-RM, commented: “Asia Pacific’s economic success has made the region an attractive target for cyber criminals. Corporates face a perfect storm of increased regulation, greater stakeholder demands in the event of a cyber-attack, and a more fragmented threat actor landscape attracting criminals of escalating sophistication.

Increasing emergence of the “speed paradox”: As attacks become faster, organisations now face a speed paradox. On the one hand, they may choose to communicate swiftly, without complete or correct information, in an attempt to maintain stakeholder trust and to meet regulatory deadlines. On the other hand, they may wish to wait until they have established the facts, but risk missing deadlines and face the regulatory and reputational consequences of a perceived slow response.”

Kyle Schwaeble, Head of Incident Response, APAC, at S-RM, explained: “As organisations rapidly adopt AI to drive economic efficiency, they are inadvertently handing a powerful toolkit to adversaries who are now moving from intrusion to extortion in hours rather than weeks. This observed behaviour is no different in the Asia-Pacific region, where ransomware incidents already far exceed the global average and the regulation that businesses must contend with is growing rapidly. It is evident the rush to embed AI agents without robust security protocols is creating a significant risk environment.”

He added:  “For APAC businesses, particularly in highly targeted sectors like financial services, the message is clear: AI-enabled productivity must not come at the expense of risk management. To protect their reputation and operations, companies must evolve previously static defences to assume every AI identity is a potential vulnerability, while ensuring that the drive for efficiency does not escalate the prospect of catastrophic harm. While protection and mitigation become more difficult for businesses than ever before, there are some practical precautions that companies can take to secure themselves, and ensure that should they become victims of a cyber-attack they are able to respond and recover faster. These include building operational resilience through regular testing and review of procedures, and ensuring they implement basic cybersecurity controls.”

More from Cybercrime Report

Other key predictions for 2026 in the cybercrime report include:

  • Established ransomware groups will continue to dominate: A handful of prolific, well-established threat actor groups will continue to dominate headlines and victim counts, such as Akira, Qilin, and Scattered Spider/ShinyHunters, while smaller newcomers will emerge with regularity.
  • Ransomware attacks will get faster: Ransomware operators have become increasingly sophisticated in their automation, organisation, and execution. What once took weeks now takes days, and what took days now takes hours.

Ben Richardson, Partner and Head of Asia, FGS Global, concluded: “For APAC boards, ransomware is now a multi-dimensional crisis that can simultaneously cripple operations, trigger harsh regulatory penalties under the region’s tightening privacy laws, and permanently erode stakeholder trust. All of these represent significant reputational harm to a business, meaning that companies not only have to contend with the technical recovery following a cyberattack, but also a reputational rebuild. A holistic, agile approach will be the difference between recovery and lasting damage.”

The full cybercrime report is available here: www.s-rminform.com/cyber-insights-report-2026.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *