%22%3E%0A%3Cpath%20d%3D%22M412%20101.2H393.7C393.1%20101.2%20392.3%20100.9%20391.8%20100.5C377.3%2087.6004%20362.9%2074.6004%20348.4%2061.6004C344.8%2058.4004%20341.3%2055.2004%20337.7%2052.0004C337.1%2051.5004%20336.2%2051.1004%20335.5%2051.0004C334.2%2050.8004%20333%2051.0004%20331.5%2051.0004V101.1H316.7V0.100391H331.4V44.3004C331.9%2044.3004%20332.2%2044.4004%20332.5%2044.4004C334.9%2044.4004%20337.2%2044.5004%20339.6%2044.4004C340.4%2044.4004%20341.3%2044.0004%20341.8%2043.5004C351.6%2034.4004%20361.4%2025.2004%20371.1%2016.0004C376.5%2010.9004%20381.9%205.90039%20387.3%200.800391C387.9%200.200391%20388.5%200.000390626%20389.3%200.000390626H400.9C384.2%2015.8004%20367.8%2031.3004%20351.2%2047.0004C371.5%2065.0004%20391.8%2082.9004%20412.1%20100.9C412.1%20101%20412.1%20101.1%20412%20101.2ZM180.9%20101.2C184.1%2094.9004%20187.2%2088.9004%20190.3%2082.8004C198.3%2067.3004%20206.2%2051.8004%20214.2%2036.2004C220.3%2024.4004%20226.4%2012.5004%20232.4%200.700391C232.7%200.100391%20233%20-0.0996094%20233.7%20-0.0996094H248.1C248.8%20-0.0996094%20249.2%200.100391%20249.6%200.800391C256%2013.3004%20262.4%2025.7004%20268.8%2038.2004C279.3%2058.6004%20289.8%2079.0004%20300.3%2099.5004C300.5%20100%20300.8%20100.4%20301.1%20101.1C300.5%20101.1%20300.1%20101.2%20299.7%20101.2H286.5C285.6%20101.2%20285.1%20100.9%20284.7%20100.2C280.1%2091.3004%20275.4%2082.4004%20270.8%2073.4004C270.1%2072.1004%20269.3%2071.6004%20267.8%2071.6004H209.9C208.7%2071.6004%20208.1%2072.0004%20207.5%2073.1004C202.9%2082.1004%20198.2%2091.0004%20193.6%20100C193.1%20101%20192.6%20101.3%20191.5%20101.3C188.4%20101.2%20185.3%20101.3%20182.3%20101.3C182%20101.2%20181.6%20101.2%20180.9%20101.2ZM239.1%2011.4004C230%2029.2004%20221.1%2046.7004%20212.1%2064.3004H266.4C257.2%2046.7004%20248.2%2029.2004%20239.1%2011.4004ZM0%200.000390626H43.4C51.2%200.000390626%2058.7%201.20039%2065.7%204.80039C75.9%2010.0004%2078.9%2018.0004%2078.6%2027.4004C78.3%2034.3004%2076%2040.5004%2071.2%2045.5004C67.3%2049.6004%2062.4%2052.3004%2057.1%2054.3004C50.6%2056.7004%2043.9%2058.0004%2037.1%2058.6004C30.1%2059.2004%2023.1%2059.4004%2016.2%2059.7004C15.8%2059.7004%2015.3%2059.8004%2014.8%2059.8004V101.1H0.1C0%2067.4004%200%2033.8004%200%200.000390626ZM14.8%207.10039V52.2004C23.7%2052.4004%2032.6%2052.3004%2041.2%2050.1004C44.4%2049.3004%2047.6%2048.2004%2050.6%2046.7004C58.4%2043.0004%2062.3%2036.7004%2062.7%2028.0004C63%2019.9004%2059.5%2014.1004%2052.4%2010.5004C47.6%208.00039%2042.5%207.10039%2037.2%207.10039H14.8ZM95.9%20101.1V0.100391H167.3V7.20039H110.7V44.7004H158.1V51.9004H110.8V93.9004H171.1V101C146.1%20101.1%20121%20101.1%2095.9%20101.1Z%22%20fill%3D%22black%22%2F%3E%0A%3Cpath%20d%3D%22M35.0004%2025.7996H42.5004V20.6996H44.8004V33.1996H42.6004V27.5996H34.9004V33.2996H32.7004V20.7996H35.0004V25.7996ZM54.4004%2025.8996V27.2996H48.9004V31.6996H55.9004C55.9004%2032.1996%2056.0004%2032.5996%2056.0004%2033.0996H46.5004V20.5996H55.5004V21.8996H49.0004V25.7996C50.7004%2025.8996%2052.5004%2025.8996%2054.4004%2025.8996ZM25.9004%2033.0996H23.5004V21.9996H17.9004V20.6996H31.6004V22.0996H27.1004C26.2004%2022.0996%2025.9004%2022.2996%2025.9004%2023.1996C26.0004%2026.0996%2025.9004%2028.9996%2025.9004%2031.7996V33.0996Z%22%20fill%3D%22black%22%2F%3E%0A%3C%2Fg%3E%0A%3Cdefs%3E%0A%3CclipPath%20id%3D%22clip0_388_462%22%3E%0A%3Crect%20width%3D%22411%22%20height%3D%22101.2%22%20fill%3D%22white%22%2F%3E%0A%3C%2FclipPath%3E%0A%3C%2Fdefs%3E%0A%3C%2Fsvg%3E%0A)
Ransomware makes up half of malware breaches in APAC
Verizon Business’ new report highlights a sharp rise in system intrusions and ransomware attacks within the APAC region
By Jamie Wong JM /
Share this article
In the present day and age, it is no news that cybersecurity is a huge concern for businesses. Last week, Verizon Business—the enterprise division of telecommunication company Verizon Communications—released its 2025 Data Breach Investigations Report. This report analysed more than 22,000 security incidents across 139 countries, including 12,195 confirmed data breaches.
What these attacks are
On the whole, the Asia-Pacific (APAC) region is most susceptible to system intrusion cyberattacks — where hackers break into company systems using stolen credentials, malware, or phishing. Four out of five (83%) of cybersecurity incidents in the region are from such attacks, a significant jump from 2024, where system intrusions only accounted for two out of five (38%) of cybersecurity attacks.
To access company systems, hackers typically rely on a blend of automation, such as bots to test stolen credentials across many websites, and customised attacks where social engineering methods and custom malware may be used to bypass company defences and remain in the system.
How attacks happen
In APAC, system intrusions often begin with stolen credentials or exploited vulnerabilities, then use malware later in the attack to lock or extract data. This year, 83% of breaches involved malware, and more than half of those (51%) were ransomware attacks. That’s higher than the global ransomware average of 44%, indicating that the APAC region is a more suspect to such breaches.
Ransomware involves locking or encrypting a victim’s data and demanding payment to restore access. Just recently, UK chain Marks and Spencers has been implemented in such an attack. This type of attack disproportionately harms small and medium enterprises (SMEs), which often lack the resources to absorb the damage and pay the median ransom demand of US$115,000 (approximately SG$150,300). In Singapore’s context, where SMEs make up 99% of all companies and employ 70% of the workforce, this represents a particularly acute risk.
Fortunately, the number of victim organisations globally that avoid paying ransoms has increased from 50% two years ago to 64% today.
“Considerable work lies ahead in our journey to secure our digital future. The adoption of cybersecurity practices among both the general public and organizations in Singapore could be better,” said David Koh, Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency (CSA) of Singapore. “There also remains a shortage of skilled cybersecurity professionals—a challenge that mirrors global trends—despite our efforts to grow our cyber talent pipeline. Meanwhile, the threats we all face will only continue to grow in scale and sophistication.”
“There is no clear finish line (to cybersecurity) — it is an enduring mission that requires sustained effort from all stakeholders, to stay ahead of the ever-evolving cyberthreat landscape.”
What to do
However, amidst this worrying rise in ransomware and system intrusions, the report highlighted a positive: the decrease of social engineering cybersecurity incidents in APAC. Social engineering — where people are manipulated into sharing information, downloading malicious software, or visiting compromising websites — has decreased, accounting for only 20% of breaches in 2025, down from 69% in 2021. While this drop is partly due to the overwhelming surge in other types of breaches (i.e. system intrusion), the absolute number of social engineering breaches have been on the decline since 2021.
This suggests that mitigation strategies, such as employee cybersecurity trainings and multi-factor authentication software, have shown results. These practices reduce the likelihood of human error, which has long been considered the weakest link in cybersecurity chains.
At the same time, companies should still exhibit caution. Another trend that the report flags is the doubling of breaches involving third-parties — where a cyberattacker compromises a company through compromising a vendor, supplier, contractor, or partner organisation. As companies expand, supply chain risks should be factored into their cybersecurity strategies, such as setting cybersecurity requirements in vendor contracts, or conducting periodic audits.
“This year’s report reinforces the growing complexity and persistence of cyber threats facing organisations worldwide,” said Robert Le Busque, Regional Vice President, Asia Pacific for Verizon Business.
“In the Asia-Pacific region in particular, external actors are targeting critical infrastructure and exploiting third-party vulnerabilities. The rising incidence of breaches highlights the imperative for businesses to reassess their risk frameworks.”
There is no one-size-fits-all solution to cybersecurity. But the decline in social engineering incidents suggests that defensive measures—such as staff training, system hardening, and authentication protocols—can and do work. As cyber threats continue to evolve, so too must the strategies to counter them. Education, vigilance, and cross-sector collaboration will be key in preparing individuals and organisations alike for an increasingly complex digital future