• Cybersecurity in APAC: system intrusions quadruple according to Verizon’s 2025 DBIR.
• Singapore organisations face heightened risk.
• Ransomware now accounts for 51% of breaches in the region.

The cybersecurity landscape in the Asia Pacific region has reached a important juncture, with system intrusions now accounting for an alarming 80% of data breaches, according to Verizon Business’s recently released 2025 Data Breach Investigations Report (DBIR).

The increase from last year’s 38% highlights the rapidly evolving threat environment facing organisations in Singapore and the broader region. The 18th annual instalment of the cybersecurity report analysed more than 22,000 security incidents, including 12,195 confirmed data breaches spanning 139 countries.

The report includes contributions from global public and private security agencies, including the Cyber Security Agency of Singapore (CSA), US Secret Service, and Cyber Security Australia.

Cybersecurity in APAC: System intrusions dominate

The most startling finding for the Asia Pacific region is the dramatic rise in system intrusion attacks, which now represent four out of five breaches. “In the Asia-Pacific region, in particular, external actors are targeting important infrastructure and exploiting third-party vulnerabilities,” said Robert Le Busque, regional vice president, of Asia Pacific for Verizon Business.

There has been a surge in malware presence in APAC breaches, jumping from 58% last year to 83% in 2025, with ransomware specifically accounting for 51% of breaches. This represents an escalation of attacks, particularly on Singapore businesses, which form the backbone of the region’s financial and technology sectors.

The human element and recent exercise SG ready 2025

Despite the technological sophistication of many attacks, the human element remains a important vulnerability.

During Exercise SG Ready 2025 in Singapore, more than 30% of phishing emails were opened, and 17% of embedded links were clicked. Such statistics reinforce that even as technical exploits grow in prevalence, social engineering continues to present an effective attack vector.

The DBIR noted that social engineering attacks have been on a slow decline since 2021, now accounting for 20% of breaches of cybersecurity in the APAC landscape. However, the decrease appears to be primarily due to the sharp increase in system intrusion attacks rather than improved security awareness.

External actors and state-sponsored threats

The threat actor profile in APAC is overwhelmingly external from affected organisations, with nearly 100% of breaches attributed to outside actors. Among these, 80% are categorized as organised criminal groups, while 33% are identified as state-affiliated actors – a particularly concerning statistic for Singapore, given its position as a strategic hub for finance, technology, and biotechnology.

The global trend shows espionage-motivated breaches rose to 17%, up from previous years. For Singapore’s important infrastructure and knowledge-intensive industries, this represents a significant security concern requiring heightened vigilance.

Global trends affecting Singapore’s cybersecurity posture

Several global trends identified in the report have particular relevance for Singapore organisations:

1. Vulnerability exploitation: Saw a 34% increase globally, with a significant focus on zero-day exploits targeting perimeter devices and VPNs.
2. Third-party involvement: Doubled, highlighting the risks associated with supply chain and partner ecosystems – a important concern for Singapore’s interconnected business environment.
3. SMB disproportionate impact: Ransomware present in 88% of SMB breaches versus 39% for larger organisations. In Singapore, SMEs constitute 99% of businesses and employ 70% of the workforce.

Economic impact and response strategies

The economic implications of threats are substantial, with the median ransom payment reaching $115,000 globally. However, there are positive signs that organisations are claiming they refuse to pay ransoms, with 64% not paying versus 50% two years ago.

“The year’s DBIR findings reflect a mixed bag of results. Glass-half-full types can celebrate the rise in the number of victim organisations that did not pay ransoms with 64% not paying vs. 50% two years ago. The glass-half-empty personas will see in the DBIR that organisations that don’t have the proper IT and cybersecurity maturity – often the SMB-sized organisations, are paying the price for their size with ransomware being present in 88% of breaches,” said Craig Robinson, research vice president, security services, at IDC.

Implications for Singapore

For Singapore organisations, the 2025 DBIR findings underscore the need for robust security frameworks that address technological vulnerabilities and human factors. As Singapore prepares for a period of heightened digital and political attention, insights from the cybersecurity industry specific to the Asia Pacific provide important guidance for security strategies.