KEY HIGHLIGHTS

• ▸A Fortinet-commissioned Forrester study of 585 APAC cybersecurity decision-makers found that AI-driven threats and internal complexity are outpacing organisational readiness.

• ▸Only 16% of APAC organisations have reached an advanced cybersecurity maturity level, while 68% remain stuck at an intermediate stage.

• ▸57% of organisations cite AI-powered threats as their top concern, yet most lack the integrated infrastructure to deploy AI defences effectively.

• ▸Alert fatigue is real: 50% of SOC teams say alert volumes prevent them from identifying genuine threats, and 48% still rely on manual workflows.

• ▸Tool sprawl is a core vulnerability — some organisations run between 20 and 40 separate security tools, compounding visibility gaps.

• ▸Unified platform adoption is projected to nearly triple in 12–24 months, from 20% to 59%, driven by the need to cut complexity.

• ▸Skills shortages and migration costs remain the biggest barriers to closing the gap between security ambition and operational reality.

## APAC Cyber Defence Gap: AI Threats Outpace Readiness

Only 16% of APAC Organisations Are Ready. Is Yours One of Them?

Most organisations in Asia Pacific believe they're making progress on cybersecurity. The data says otherwise.

A new study commissioned by Fortinet and conducted by Forrester Consulting has exposed a stark readiness gap across the region. Cybersecurity maturity remains constrained, with 68% of organisations at an intermediate stage and only 16% reaching advanced levels.

That's not a minor shortfall. In a threat environment where AI-driven cyberattacks are scaling faster than defences can adapt, intermediate is another word for exposed.

What the Fortinet-Forrester Study Found

The study, conducted by Forrester Consulting, surveyed 585 cybersecurity decision-makers across the region in March 2026. It spans industries including manufacturing, telecommunications, banking, and financial services — the sectors that carry the highest risk and the most sensitive data.

The findings are unambiguous: APAC cyber defence is being outrun by both external adversaries and internal dysfunction.

Results showed that 57% of organisations see AI-powered cyber threats as a major concern, while 54% pointed to fragmented security tools and rising alert volumes as key challenges.

These aren't abstract worries. They reflect daily operational realities inside SOC teams across the region — teams that are overwhelmed, under-automated, and working with architectures that were never designed for today's threat landscape.

Why Fragmented Tools Are Amplifying Risk

Here's the problem most organisations don't want to admit: the tools meant to protect them are making them more vulnerable.

Some organisations, including those in the Philippines, use between 20 and 40 different cybersecurity tools, making operations more complex to manage. Each tool generates alerts. Each alert requires triage. And without integration, those alerts exist in silos — with no unified picture of what's actually happening across the environment. BusinessWorld

About 50% of organisations said the volume of alerts makes it difficult to distinguish legitimate threats, while 48% still rely on manual workflows. BusinessWorld

This is tool sprawl at its most dangerous. When analysts are buried in noise, real threats slip through. When workflows are manual, response times stretch from minutes to hours. Attackers, meanwhile, are operating at machine speed.

52% of respondents cited alert overload as a concern, 50% pointed to regulatory pressure, and 49% identified skills shortages as a major challenge. These aren't separate problems — they're a compounding system failure. BusinessWorld

AI: The Double-Edged Sword Security Teams Must Navigate

Artificial intelligence is reshaping cybersecurity from both sides of the firewall simultaneously.

78% of Philippine organisations encountered AI-powered cyber threats in the past year, with over 60% reporting a two- to three-fold increase in such attacks. These include deepfake-driven business email compromise, adversarial AI, and polymorphic malware — threats that adapt faster than signature-based tools can track. SunStar

On the defensive side, AI holds genuine promise. More than 60% of APAC organisations expect AI to improve detection accuracy, accelerate response, and strengthen overall security posture. Organisations also see AI as key to reducing complexity, with 58% expecting consistent policy enforcement, 57% centralised control, and 56% reduced manual workflows. Pinoy Metro Geek

But there's a critical gap between expectation and execution. As Fortinet VP Rashish Pandey stated, "AI can only deliver meaningful outcomes when it is built on an integrated foundation. Without unified visibility and connected data across environments, AI risks amplifying complexity rather than reducing it." Techandlifestylejournal

In other words: deploying AI into a fragmented environment doesn't fix the problem. It scales it.

How to Close the APAC Cyber Readiness Gap

The Fortinet-Forrester data doesn't just diagnose the problem — it points toward the cure. Here's what security and IT leaders must prioritise now.

1. Shift to a Unified Security Platform While only 20% of APAC organisations operate a unified platform today, this is expected to rise to 59% over the next 12–24 months. The shift is being driven by the need to reduce tool sprawl (58%), improve integration (52%), and manage growing hybrid complexity (49%). Don't wait for the industry average to catch up — act ahead of it. Pinoy Metro Geek

2. Build the Data Foundation AI Requires AI is only as effective as the data it operates on. Fragmented environments, limited automation, and lack of unified data are hindering effective AI adoption. Many organisations are still building the foundational capabilities required to operationalise AI at scale. Consolidating data pipelines and visibility layers is a prerequisite, not an afterthought. Pinoy Metro Geek

3. Automate SOC Workflows Aggressively Manual triage cannot keep pace with modern attack volumes. Prioritise SOAR (Security Orchestration, Automation, and Response) tooling that reduces analyst burden on low-confidence alerts and frees capacity for genuine threat investigation.

4. Treat Skills Gaps as a Strategic Risk An estimated global shortfall of more than 4.7 million skilled professionals leads to critical security roles being unfilled at a time when they are needed most. APAC organisations must invest in upskilling existing teams, not just recruit externally. AI fluency is now a core security competency. Fortinet

5. Adopt Zero Trust Principles Across Environments As hybrid and multi-cloud environments expand the attack surface, perimeter-based thinking fails. Zero Trust Architecture — verify every user, every device, every request — must underpin any platform consolidation strategy.

The Broader Threat Landscape: 2025–2026 Data

The Fortinet-Forrester findings don't exist in isolation. They align with a global acceleration in attacker sophistication that security teams can no longer treat as a future problem.

Fortinet's 2025 Global Threat Landscape Report revealed that cybercriminals shared over 100 billion compromised credentials in underground forums in 2024 — a 42% increase from the previous year. Credential-stuffing at that scale makes identity security a first-tier priority for every APAC organisation. DQC

Common AI-fuelled tactics now include deepfake-led business email compromise, polymorphic malware, and adversarial AI targeting zero-day vulnerabilities — sophisticated attacks that exploit human errors, misconfigurations, and identity loopholes. Techcoffeehouse

Meanwhile, only 18% of Singaporean firms expressed strong confidence in their ability to defend against AI-powered threats, and one in 20 admitted they have no way to track such threats at all. That's not a fringe finding — it's a regional pattern. Techcoffeehouse

86% of organisations experienced at least one cyber breach in 2024, with nearly one-third reporting five or more — a significant increase from 2021. The trajectory is clear, and the cost of inaction is no longer theoretical. Fortinet

Conclusion

The Fortinet-Forrester study is a mirror, not just a report. It reflects an APAC cybersecurity ecosystem where ambition is high, investment is increasing, but operational readiness is lagging dangerously behind the threat curve.

The organisations that close this gap won't do it by adding more tools. They'll do it by removing the wrong ones, unifying what remains, and building the AI-ready data foundations that turn intelligence into action.

Complexity is the attacker's greatest ally right now. Simplification — disciplined, deliberate, and platform-driven — is the defender's best response.

The question isn't whether your organisation will face an AI-powered threat. It's whether your architecture will be ready when it arrives.

FAQ Section

Q: What did the Fortinet Forrester APAC cybersecurity study find? A: The study, surveying 585 decision-makers across Asia Pacific in March 2026, found that only 16% of organisations have reached advanced cybersecurity maturity. It identified AI-driven threats, fragmented tools, and alert overload as the region's top structural security risks.

Q: Why are AI-driven threats particularly dangerous for APAC organisations? A: AI enables attackers to operate at machine speed — deploying polymorphic malware, deepfake-based phishing, and adversarial techniques that adapt faster than traditional defences. Most APAC organisations lack the integrated data environments needed to deploy AI-powered defences effectively in response.

Q: What is tool sprawl and why does it increase cyber risk? A: Tool sprawl refers to the use of too many disconnected security products across an environment. When tools don't share data or alert in unified consoles, analysts face overwhelming volumes of noise, miss real threats, and respond slower. Some APAC organisations run 20–40 separate security tools simultaneously.

Q: How can organisations improve their cybersecurity maturity in APAC? A: The clearest path involves consolidating onto unified, platform-based security architectures that provide integrated visibility, AI-driven detection, and automated response. This reduces tool sprawl, improves data quality for AI, and accelerates SOC workflows — the three core pillars the Fortinet study identifies as critical.

Q: What percentage of APAC organisations plan to adopt unified security platforms? A: Currently, only 20% operate a unified security platform. According to the Fortinet-Forrester study, this is expected to rise to 59% within the next 12–24 months as organisations prioritise architecture simplification to manage growing AI-driven complexity.

Read More:

PHP SOAP Vulnerabilities Enable Remote Code Execution

Google Reports North Korean Hackers Using AI to Target Cybersecurity Blind Spots

BitUnlocker Downgrade Attack on Windows 11 Breaches Encrypted Disks Within Minutes

UK Cybercrime Reform Protects Ethical Hackers

Foxconn Cyberattack: Hackers Claim Apple & Google Data Stolen

Arctic Wolf Launches AI Mobile Threat Defense