Singapore – Cybersecurity investigations across the Asia Pacific region are increasingly shaped by faster, AI-enabled intrusions and weaknesses in identity controls, according to the recent 2026 report by Palo Alto Networks' Unit 42.
Drawing on more than 750 incident response cases worldwide in 2025, the report indicates that organisations in APAC are confronting the same structural pressures seen globally: compressed attack timelines, expanding digital estates and fragmented identity management.
The findings suggest that threat actors are exploiting these conditions to accelerate compromise and extend their reach across cloud, SaaS, and on-premises environments.
The report further noted that the fastest incidents progressed from initial access to data exfiltration in just over an hour, a marked reduction in response windows compared with the previous year. Automation and AI are being used to streamline reconnaissance, refine phishing campaigns and scale malware deployment.
For enterprises across the region, where digital transformation and cloud adoption continue at pace, the shrinking gap between intrusion and impact presents operational challenges for security teams.
“Enterprise complexity has become the adversary’s greatest advantage. This risk is compounded as attackers increasingly target credentials, utilising autonomous AI agents to bridge human and machine identities for independent action,” Sam Rubin, SVP of Unit 42 Consulting & Threat Intelligence at Palo Alto Networks, said.
“To mitigate these threats, organisations must reduce complexity and move to a unified platform approach that relentlessly eliminates implicit trust.”
Additionally, the report highlighted how identity-related exposure remains a dominant factor. In nearly nine in ten investigations reviewed, shortcomings linked to credentials or access governance played a meaningful role. Most initial footholds were connected to identity-based techniques such as credential misuse or social engineering, rather than direct exploitation of software flaws.
The report also documented widespread over-privileging in cloud environments, which raises the likelihood that a single compromised account escalates into a broader breach affecting regional operations.
Meanwhile, complexity across multiple attack surfaces further compounds the risk. A large majority of incidents involved activity spanning at least two environments, including endpoints, cloud infrastructure and SaaS platforms. This interconnectedness is particularly relevant in APAC markets, where organisations often rely on a mix of global cloud providers, regional data centres and third-party integrations to support cross-border operations.
The study also identified a marked rise in incidents involving SaaS ecosystems and trusted integrations. Cases in which SaaS data played a role have grown sharply over the past three years, reflecting heavier reliance on APIs and automated workflows.
Across the cases reviewed, most breaches were linked not to novel exploits but to preventable gaps in visibility, inconsistent control implementation and excessive implicit trust between systems and identities.
For APAC organisations balancing rapid growth with regulatory and operational complexity, the findings underline the importance of consolidating oversight across identity, cloud and SaaS estates, and of reducing unnecessary access privileges before attackers are able to exploit them.