Singapore – A recent Cohesity study reveals that organisations across the APAC region are facing growing financial repercussions from cyber incidents, with many being forced to revise budgets, forecasts, and recovery strategies.
According to the report, 76% of APAC organisations have experienced at least one significant cyberattack causing measurable operational, reputational, or financial impact. The findings show that 73% of publicly listed firms in the region adjusted their earnings or guidance after an incident, while 69% saw an effect on their share price.
The report also highlights that data recovery continues to pose a major challenge, with 97% of APAC organisations taking longer than 24 hours to restore information from backups. In Singapore, 94% required more than a day, with 18% taking over a week to recover.
“These findings show that cyberattacks now touch every part of the organisation, testing even the most well-prepared as aftershocks spread beyond technical recovery,” Sanjay Poonen, chief executive officer and president of Cohesity, explained.
He added, “When incidents compel companies to rethink forecasts, absorb market reactions, and redirect budgets, cyber resilience is no longer just a technology issue. It is a business and financial imperative.”
Ransomware also remains a significant issue, as 89% of APAC organisations paid a ransom in the past year—40% of which exceeded US$1m. In Singapore, the rate was higher at 91%, with nearly 48% paying over US$1m. The majority reported adverse financial consequences, including revenue loss of 90% in APAC and customer attrition down 45% across the region.
Complementing these findings, the research indicates that most APAC organisations continue to direct the majority of their cyber resilience budgets toward prevention and detection, with comparatively limited investment in response and recovery functions.
“Cyber resilience is critical and cannot be treated the same way as traditional recovery,” Lim Hsin Yin, vice president of sales in ASEAN at Cohesity, stated.
He added, “Organisations today need to master the AI and security paradox. AI-ready data that is trusted, protected, and resilient will enable organisations to innovate confidently without increasing risk exposure.”
While AI-based capabilities such as anomaly detection and user behaviour analytics are widely recognised for strengthening resilience, many organisations still depend on manual verification processes, which can delay response actions and extend recovery times.
Meanwhile, the report also noted that automation and AI are increasingly viewed as essential for advancing detection, response, and recovery capabilities, with 59% of respondents identifying them as critical enablers. However, despite strong uptake of endpoint security and threat intelligence tools, the underuse of these systems limits their potential effectiveness.
This fragmented approach underscores a gap between perceived confidence—reported by nearly half of APAC respondents—and the region’s actual cyber resilience maturity.
The findings are based on responses from 3,200 IT and security leaders across 11 countries, including Australia, Japan, India, and Singapore, representing organisations with over 1,000 employees in both public and private sectors.
