Palo Alto Networks, released its 2025 cybersecurity predictions for the Asia Pacific region, outlining five key trends that cyber practitioners can expect to unfold in the coming twelve months and position their organisations for a more secure future.
Organisations across the APAC region have emphasised embedding AI into business processes in 2024. This includes cybersecurity processes, where organisations and their adversaries are engaged in an AI arms race. But alarmingly, according to a recent PwC report, more than 40% of leaders say they do not understand the cyber risks posed by emerging technologies like Generative AI. In 2025, AI will become central to cybersecurity strategy with organisations using AI to proactively mitigate risk. Crucially, they will also seek to secure their own AI models.
Swapna Bapat, Managing Director and Vice President, India & SAARC, Palo Alto Networks:
“In 2025, the cybersecurity landscape will enter a pivotal phase, driven by the dual forces of AI-powered innovation and increasingly sophisticated threats. Cyber adversaries are leveraging AI at unprecedented levels, orchestrating attacks with precision and speed. To counter this, organisations must embrace a unified, proactive security approach powered by transparent, ethical AI. The ability to centralise and analyse data effectively will determine who stays ahead in this high-stakes game. Trust, adaptability, and innovation will be the cornerstones of resilience, ensuring organisations can safeguard not just their operations but also their reputations in this rapidly evolving digital era.”
From the anticipated surge in high-impact cyber attacks to the integration of quantum AI for energy-efficient solutions, these predictions for 2025 serve as essential guidelines for organisations to shape their cybersecurity strategies and maximize the potential of AI technologies.
1. Cyber Infrastructure will be centred around a single unified data security platform
In 2025, the organisations will address increased complexity by reducing the number of cybersecurity tools in use, and shifting to a unified platform, offering enhanced visibility and control. The ongoing cyber skills shortage will continue to accelerate this trend. A unified platform will provide end-to-end visibility and context, spanning code repositories, cloud workloads, networks, and SOCs. Ultimately this creates a more holistic security architecture with fewer dashboards. The convergence of all security layers onto a unified platform will optimise resources, improve overall efficiency, and enable organisations to build more resilient, adaptive defences against evolving threats
2. 2025 is the year deepfakes go mainstream in APAC
Deepfakes are already being used for nefarious purposes in the APAC region. While some have been used to spread political misinformation, the most effective attacks have targeted corporations for financial gain, like the employee at a Hong Kong engineering firm duped into wiring millions of dollars to a scammer who had used deepfakes to imitate the CFO and executive team on a video conference.
Savvy criminals will take note and use ever-improving generative AI technology to launch credible deepfake attacks. The use of audio deepfakes will also become more widespread in these attacks, as the available technology allows for highly credible voice cloning. We can expect deepfakes to be used alone or as part of a larger attack much more often in 2025.
3. Beyond the Quantum security hype: what to expect in 2025
Quantum computing projects are spreading across the region, with governments and venture capital firms investing heavily in local initiatives.
While quantum attacks on widely used encryption methods are not yet feasible, nation-state-backed threat actors are expected to intensify their “harvest now, decrypt later” tactics, targeting highly classified data with the intent to unlock it when quantum technology advances. This poses a risk to governments and businesses, with the potential to jeopardise civilian and military communications, undermine critical infrastructure, and overcome security protocols for most internet-based financial transactions. We will likely also see nation state actors target organisations developing quantum computers themselves, in corporate espionage attacks.
To counteract these threats effectively, all organisations will need to act and adopt quantum-resistant defences, including quantum-resistant tunnelling, comprehensive crypto data libraries, and other technologies with enhanced crypto-agility. The National Institute of Standards and Technology (NIST) recently released final standards for post-quantum cryptography. Transitioning to these algorithms will help secure data against future quantum threats. Organisations that require high security should explore quantum key distribution (QKD) as a means of ensuring secure communications. As quantum computing continues to become more and more of a reality and potential threats loom, it will be essential to adopt these measures to keep pace with the rapidly evolving cyber landscape, prevent data theft, and ensure the integrity of their critical systems.
For now, CIOs can debunk any hype around this topic to the board. Though significant progress with quantum annealing has been made, military-grade encryption has still not been broken.
4. Transparency will be the cornerstone for maintaining customer trust in the AI era
Regulators in the APAC region are starting to zone in on the data protection and cybersecurity implications of the growing use of AI models. This is part of an overall bid to build trust in AI use and encourage AI-driven innovation.
In 2025, APAC legislators’ AI focus on ethics, data protection and transparency, will remain, However, increased use of AI models will lead to greater emphasis being placed on AI security and the integrity and reliability of the data being used. Transparency and proactive communication about AI model mechanics—specifically regarding data collection, training datasets, and decision making processes—will be essential for building customer trust.
5. Increased focus on product integrity and supply chain security in 2025
In 2025, organisations can be expected to focus more on product integrity and supply chain resilience. Specifically, they will conduct much more thorough risk assessments, consider accountability and legal implications of business outages, and review insurance arrangements.
In cloud environments where complexity and scale amplify risks, real-time visibility has become a necessity. Expect to see greater focus on comprehensive monitoring involving continuous tracking of both infrastructure and application performance metrics.