Fortinet, a global leader in cybersecurity, has unveiled the results of a new survey by IDC, revealing a sharp rise in both the volume and sophistication of cyber threats across Asia-Pacific. The study highlights a growing trend in AI-driven attacks that are overwhelming security teams, leaving them struggling to detect and respond in time.
The survey, commissioned by Fortinet, underscores how attackers are increasingly leveraging AI to scale their attacks, making them stealthier and faster. The results point to a shifting threat landscape, where gaps in visibility, governance, and infrastructure are creating more challenges for already stretched cybersecurity teams.
The Growing Threat of AI-Powered Cybercrime
AI-enabled cyber threats are no longer a future concern. Nearly 52% of organizations in Vietnam reported encountering AI-driven cyberattacks in the past year. Moreover, these attacks are escalating rapidly, with 54% of organizations observing a 2X increase, and 36% seeing a 3X increase in the frequency of AI-powered attacks.
These new threats are harder to detect and often exploit human errors, misconfigurations, and weaknesses in identity systems. In Vietnam, the most common AI-powered attacks include AI-assisted credential stuffing and brute force attacks, AI-driven social engineering, deepfake impersonation in business email compromise, and adversarial AI.
Despite the surge in AI-driven threats, only 8% of organizations are confident in their ability to defend against them. Thirty percent of organizations admitted that AI threats are outpacing their detection capabilities, and 33% of organizations in Vietnam reported being unable to track AI-powered threats at all, highlighting a significant preparedness gap.
Shifting Threat Landscape and Emerging Risks
The cybersecurity landscape is no longer defined by isolated crises but is now a constant state of exposure. The most frequently reported threats in Vietnam include ransomware (64%), software supply chain attacks (58%), cloud vulnerabilities (56%), insider threats (52%), and unpatched zero-day exploits (50%).
Interestingly, the most disruptive threats are no longer the most obvious. Unpatched zero-day exploits, insider threats, cloud misconfigurations, and software supply chain attacks have now surpassed more familiar threats like ransomware and phishing in terms of potential damage. These threats often go unnoticed by traditional defenses, exploiting internal weaknesses and gaps in visibility.
While traditional threats like phishing and malware continue to grow at a rate of about 10%, the most rapidly rising threats include ransomware (32%), cloud vulnerabilities (28%), IoT/OT attacks (24%), supply chain attacks (22%), and zero-day exploits (20%). These emerging threats exploit gaps in governance and system complexity, making them harder to detect and more damaging when successful.
Business Impacts and Financial Damage
The consequences of cyberattacks are no longer limited to operational disruption. The top business impacts reported include operational disruption (58%), data theft and privacy violations (54%), loss of customer trust (50%), and regulatory penalties (20%). Financial losses are also significant, with 44% of organizations reporting breaches that resulted in monetary loss, and one in four organizations experiencing losses exceeding $500,000.
The Need for AI-Accelerated Defense Strategies
Simon Piff, research vice-president at IDC Asia-Pacific, emphasized the need for AI-driven defense strategies. “Organizations are facing a surge in complex threats, from misconfigurations to AI-powered attacks, that bypass traditional detection methods. A shift towards integrated, risk-centric cybersecurity models is essential to stay ahead,” he said.
The growing complexity of cybersecurity threats is exacerbated by resource constraints. On average, only 7% of an organization’s workforce is dedicated to IT, with just 13% of that subset focused on cybersecurity. This translates to less than one full-time cybersecurity professional for every 100 employees.
Additionally, only 15% of organizations have a dedicated Chief Information Security Officer (CISO), and 63% combine cybersecurity responsibilities with broader IT roles. Only 6% have specialized teams for functions like threat hunting and security operations, further increasing the strain on cybersecurity teams.
Investing in Cybersecurity Amid Rising Threats
Despite growing awareness of cybersecurity threats, investment in this area remains disproportionately low. On average, just 15% of IT budgets are allocated to cybersecurity, which represents only 1.4% of total revenue—far too little given the scale of the threats.
However, there are signs of improvement, with nearly 90% of organizations in Vietnam reporting increased cybersecurity budgets. Yet, most of these increases are modest, remaining under 10%. This suggests that while investment is growing, organizations remain cautious in their spending.
Organizations are also shifting their focus from infrastructure-heavy investments to more strategic areas, such as identity security, network security, SASE/Zero Trust, and cyber resilience. However, critical areas like OT/IoT security, DevSecOps, and security training still receive limited funding, highlighting ongoing gaps in addressing operational and human-layer vulnerabilities.
A Long-Term Business Enabler
Rashish Pandey, vice president of marketing and communications for Asia and ANZ at Fortinet, emphasized the evolving nature of cybersecurity investment. “As cyber threats become more covert and coordinated, organizations are rethinking their approach to cybersecurity. The focus is shifting from just defense to building long-term resilience through strategic investments in areas like identity, access, and resilience,” he said.
Fortinet’s platform helps organizations adapt to the changing threat landscape by offering visibility, automation, and resilience. “Speed, simplicity, and strategy are more important than ever,” Pandey added.
