2025 is already shaping up to be a battleground for cybersecurity. With global cybercrime costs projected to reach USD 10.5T, by year’s end, the stakes have never been higher. Cybercriminals are getting smarter, using AI-driven tactics and large-scale exploits to target critical sectors. From government breaches to hospital data leaks and a surge in phishing scams, recent attacks highlight the growing financial and operational toll of cyber threats.
As cyber threats intensify, the demand for stronger defences, top-tier cybersecurity talent, and global collaboration has never been more urgent.
Here’s a look at the recent cyber developments that are shaping 2025.
Click here to download “Cyber Lessons from the Frontlines” as a PDF.
Major Security Breaches: A Costly Wake-Up Call
Cyberattacks are becoming more targeted, disruptive, and costly – impacting governments and organisations worldwide.
In Singapore, mobile wallet fraud is surging, with phishing tactics causing USD 8.9K in losses – 80% linked to Apple Pay. In the UK, security flaws in government IT systems have exposed sensitive data and infrastructure. South Africa’s government-run weather service (SAWS) was also forced offline, disrupting a critical resource for airlines, farmers, and emergency responders. Across the Atlantic, a data breach at a Georgia hospital compromised 120,000 patient records, while BayMark Health Services, the largest addiction treatment provider in the US, alerted patients to a similar breach.
What steps are governments, tech providers, and enterprises taking to protect themselves, critical infrastructure, and individuals?
Protecting Critical Infrastructure: The Digital Backbone
As global connectivity expands, securing critical infrastructure is paramount to sustaining growth, stability, and public trust.
Undersea cables, which carry much of the world’s internet traffic, are a major focus. While tech giants like Amazon, Meta, and Google are expanding these networks to boost global data speed and reliability, the need for protection is just as urgent – prompting the EU to invest nearly a billion dollars in securing them against emerging threats.
Governments and tech providers alike are stepping up. The European Commission has introduced a cybersecurity blueprint to strengthen crisis coordination, rapid response, and information sharing. Meanwhile, Microsoft is investing USD 700M in Poland’s cloud and AI infrastructure, working with the Polish National Defense to enhance cybersecurity through AI-driven strategies.
Quantifying Cyber Risk: Standardised Threat Assessment
As cyber threats grow more sophisticated, so must our ability to detect, measure, and respond to them.
A major shift in cybersecurity is underway – one that prioritises standardised threat assessment and coordinated defense.
The UK is leading the charge with a new cyber monitoring centre that will introduce a “Richter Scale” for cyberattacks, ranking threats much like earthquake magnitudes. Emerging countries are also joining in; Vietnam is strengthening its cyber defences with a new intelligence-sharing platform designed to improve coordination between the government and private sector.
By quantifying cyber risks and enhancing intelligence-sharing, these efforts are shaping global cybersecurity norms, improving response times, and building a more resilient digital ecosystem.
Beyond Defence: Proactive Measures to Combat AI-Driven Cybercrime
Cyber threats evolve faster than defences can keep up – a single click on a malicious email can lead to a breach in just 72 minutes.
With AI making cyberattacks more sophisticated, governments are taking an active role in cyber law enforcement.
Indonesia set up a cyber patrol to monitor and regulate harmful online content while also working to create a safer digital space for children. Thailand, Cambodia, and Laos are cooperating to curb cross-border scams through intelligence sharing and joint enforcement efforts.
Building Trust Online: Digital Identity Solutions
Governments are moving beyond enforcement to strengthen security with digital identity frameworks.
The EU is leading this shift with large-scale pilots for digital identity wallets, designed to offer citizens a secure, seamless way to verify credentials for services, transactions, and age-restricted content. By 2026, each EU member state will issue its own wallet, built on unified technical standards to ensure cross-border interoperability and stronger cybersecurity.
Digital identity wallets mark a major shift in data security, giving citizens greater control over their information while strengthening online trust. By securing identity verification, governments are reducing fraud and identity theft, creating a safer digital landscape.
Closing the Gap: Global Cyber Education Push
Cybersecurity education is no longer just for IT teams – it’s essential at every level, from executives to employees, to build long-term resilience.
Again, governments and tech giants alike are stepping up to bridge the skills gap and enhance cyber awareness.
Singapore is leading by example with a cyber-resilience training program for board directors, ensuring corporate leaders understand cyber risk management. AWS is investing USD 6.35M to support cybersecurity education in the UK, and Microsoft is expanding its global training efforts. The company has partnered with Kazakhstan to strengthen public sector cybersecurity and has committed to training one million South Africans in AI and cybersecurity by 2026.

The Path Forward: A Collective Responsibility
The cybersecurity landscape underscores a crucial truth: resilience can’t be built in isolation. Governments, businesses, and individuals must move past reactive measures and adopt a collective, intelligence-driven approach. As threats grow more sophisticated, so must our commitment to collaboration, vigilance, and proactive defence.
In an increasingly interconnected world, securing the digital landscape is not just necessary – it’s a shared responsibility.

Ecosystm research shows that cybersecurity is the most discussed technology at the Board and Management level, driven by the increasing sophistication of cyber threats and the rapid adoption of AI. While AI enhances security, it also introduces new vulnerabilities. As organisations face an evolving threat landscape, they are adopting a more holistic approach to cybersecurity, covering prevention, detection, response, and recovery.
In 2025, cybersecurity leaders will continue to navigate a complex mix of technological advancements, regulatory pressures, and changing business needs. To stay ahead, organisations will prioritise robust security solutions, skilled professionals, and strategic partnerships.
Ecosystm analysts Darian Bird, Sash Mukherjee, and Simona Dimovski present the key cybersecurity trends for 2025.
Click here to download ‘Securing the AI Frontier: Top 5 Cyber Trends for 2025’ as a PDF
1. Cybersecurity Will Be a Critical Differentiator in Corporate Strategy
The convergence of geopolitical instability, cyber weaponisation, and an interconnected digital economy will make cybersecurity a cornerstone of corporate strategy. State-sponsored cyberattacks targeting critical infrastructure, supply chains, and sensitive data have turned cyber warfare into an operational reality, forcing businesses to prioritise security.
Regulatory pressures are driving this shift, mandating breach reporting, data sovereignty, and significant penalties, while international cybersecurity norms compel companies to align with evolving standards to remain competitive.
The stakes are high. Stakeholders now see cybersecurity as a proxy for trust and resilience, scrutinising both internal measures and ecosystem vulnerabilities.

2. Zero Trust Architectures Will Anchor AI-Driven Environments
The future of cybersecurity lies in never trusting, always verifying – especially where AI is involved.
In 2025, the rise of AI-driven systems will make Zero Trust architectures vital for cybersecurity. Unlike traditional networks with implicit trust, AI environments demand stricter scrutiny due to their reliance on sensitive data, autonomous decisions, and interconnected systems. The growing threat of adversarial attacks – data poisoning, model inversion, and algorithmic manipulation – highlights the urgency of continuous verification.
Global forces are driving this shift. Regulatory mandates like the EU’s DORA, the US Cybersecurity Executive Order, and the NIST Zero Trust framework call for robust safeguards for critical systems. These measures align with the growing reliance on AI in high-stakes sectors like Finance, Healthcare, and National Security.

3. Organisations Will Proactively Focus on AI Governance & Data Privacy
Organisations are caught between excitement and uncertainty regarding AI. While the benefits are immense, businesses struggle with the complexities of governing AI. The EU AI Act looms large, pushing global organisations to brace for stricter regulations, while a rise in shadow IT sees business units bypassing traditional IT to deploy AI independently.
In this environment of regulatory ambiguity and organisational flux, CISOs and CIOs will prioritise data privacy and governance, proactively securing organisations with strong data frameworks and advanced security solutions to stay ahead of emerging regulations.
Recognising that AI will be multi-modal, multi-vendor, and hybrid, organisations will invest in model orchestration and integration platforms to simplify management and ensure smoother compliance.

4. Network & Security Stacks Will Streamline Through Converged Platforms
This shift stems from the need for unified management, cost efficiency, and the recognition that standardisation enhances security posture.
Tech providers are racing to deliver comprehensive network and security platforms.
Recent M&A moves by HPE (Juniper), Palo Alto Networks (QRadar SaaS), Fortinet (Lacework), and LogRhythm (Exabeam) highlight this trend. Rising player Cato Networks is capitalising on mid-market demand for single-provider solutions, with many customers planning to consolidate vendors in their favour. Meanwhile, telecoms are expanding their SASE offerings to support organisations adapting to remote work and growing cloud adoption.

5. AI Will Be Widely Used to Combat AI-Powered Threats in Real-time
By 2025, the rise of AI-powered cyber threats will demand equally advanced AI-driven defences.
Threat actors are using AI to launch adaptive attacks like deepfake fraud, automated phishing, and adversarial machine learning, operating at a speed and scale beyond traditional defences.
Real-time AI solutions will be essential for detection and response.
Nation-state-backed advanced persistent threat (APT) groups and GenAI misuse are intensifying these challenges, exploiting vulnerabilities in critical infrastructure and supply chains. Mandatory reporting and threat intelligence sharing will strengthen AI defences, enabling real-time adaptation to emerging threats.


2024 and 2025 are looking good for IT services providers – particularly in Asia Pacific. All types of providers – from IT consultants to managed services VARs and systems integrators – will benefit from a few converging events.
However, amidst increasing demand, service providers are also challenged with cost control measures imposed in organisations – and this is heightened by the challenge of finding and retaining their best people as competition for skills intensifies. Providers that service mid-market clients might find it hard to compete and grow without significant process automation to compensate for the higher employee costs.
Why Organisations are Opting for IT Service
- Organisations are seeking further cost reductions. Managed services providers will see more opportunities to take cost and complexity out of organisation’s IT functions. The focus in 2024 will be less on “managing” services and more on “transforming” them using ML, AI, and automation to reduce cost and improve value.
- Big app upgrades are back on the agenda. SAP is going above and beyond to incentivise their customers and partners to migrate their on-premises and hyperscale hosted instances to true cloud ERP. Initiatives such as Rise with SAP have been further expanded and improved to accelerate the transition. Salesforce customers are also looking to streamline their deployments while also taking advantage of the new AI and data capabilities. But many of these projects will still be complex and time-consuming.
- Cloud deployments are getting more complex. For many organisations, the simple cloud migrations are done. This is the stage of replatforming, retiring, and refactoring applications to take advantage of public and hybrid cloud capabilities. These are not simple lift and shift – or switch to SaaS – engagements.
- AI will drive a greater need for process improvement and transformation. This will happen along with associated change management and training programs. While it is still early days for GenAI, before the end of 2024, many organisations will move beyond experimentation to department or enterprise wide GenAI initiatives.
- Increasing cybersecurity and data governance demands will prolong the security skill shortage. More organisations will turn to managed security services providers and cybersecurity consultants to help them develop their strategy and response to the rising threat levels.
Choosing the Right Cost Model for IT Services
Buyers of IT services must implement strict cost-control measures and consider various approaches to align costs with business and customer outcomes, including different cost models:
Fixed-Price Contracts. These contracts set a firm price for the entire project or specific deliverables. Ideal when project scope is clear, they offer budget certainty upfront but demand detailed specifications, potentially leading to higher initial quotes due to the provider assuming more risk.
Time and Materials (T&M) Contracts with Caps. Payment is based on actual time and materials used, with negotiated caps to prevent budget overruns. Combining flexibility with cost predictability, this model offers some control over total expenses.
Performance-Based Pricing. Fees are tied to service provider performance, incentivising achievement of specific KPIs or milestones. This aligns provider interests with client goals, potentially resulting in cost savings and improved service quality.
Retainer Agreements with Scope Limits. Recurring fees are paid for ongoing services, with defined limits on work scope or hours within a given period. This arrangement ensures resource availability while containing expenses, particularly suitable for ongoing support services.
Other Strategies for Cost Efficiency and Effective Management
Technology leaders should also consider implementing some of the following strategies:
Phased Payments. Structuring payments in phases, tied to the completion of project milestones, helps manage cash flow and provides a financial incentive for the service provider to meet deadlines and deliverables. It also allows for regular financial reviews and adjustments if the project scope changes.
Cost Transparency and Itemisation. Detailed billing that itemises the costs of labour, materials, and other expenses provides transparency to verify charges, track spending against the budget, and identify areas for potential savings.
Volume Discounts and Negotiated Rates. Negotiating volume discounts or preferential rates for long-term or large-scale engagements, makes providers to offer reduced rates for a commitment to a certain volume of work or an extended contract duration.
Utilisation of Shared Services or Cloud Solutions. Opting for shared or cloud-based solutions where feasible, offers economies of scale and reduces the need for expensive, dedicated infrastructure and resources.
Regular Review and Adjustment. Conducting regular reviews of the services and expenses with the provider to ensure alignment with the budget and objectives, prepares organisations to adjust the scope, renegotiate terms, or implement cost-saving measures as needed.
Exit Strategy. Planning an exit strategy that include provisions for contract termination, transition services, protects an organisation in case the partnership needs to be dissolved.
Conclusion
Many businesses swing between insourcing and outsourcing technology capabilities – with the recent trend moving towards insourcing development and outsourcing infrastructure to the public cloud. But 2024 will see demand for all types of IT services across nearly every geography and industry. Tech services providers can bring significant value to your business – but improved management, monitoring, and governance will ensure that this value is delivered at a fair cost.

The tech industry tends to move in waves, driven by the significant, disruptive changes in technology, such as cloud and smartphones. Sometimes, it is driven by external events that bring tech buyers into sync – such as Y2K and the more recent pandemic. Some tech providers, such as SAP and Microsoft, are big enough to create their own industry waves. The two primary factors shaping the current tech landscape are AI and the consequential layoffs triggered by AI advancements.
While many of the AI startups have been around for over five years, this will be the year they emerge as legitimate solutions providers to organisations. Amidst the acceleration of AI-driven layoffs, individuals from these startups will go on to start new companies, creating the next round of startups that will add value to businesses in the future.
Tech Sourcing Strategies Need to Change
The increase in startups implies a change in the way businesses manage and source their tech solutions. Many organisations are trying to reduce tech debt, by typically consolidating the number of providers and tech platforms. However, leveraging the numerous AI capabilities may mean looking beyond current providers towards some of the many AI startups that are emerging in the region and globally.
The ripple effect of these decisions is significant. If organisations opt to enhance the complexity of their technology architecture and increase the number of vendors under management, the business case must be watertight. There will be less of the trial-and-error approach towards AI from 2023, with a heightened emphasis on clear and measurable value.
AI Startups Worth Monitoring
Here is a selection of AI startups that are already starting to make waves across Asia Pacific and the globe.
- ADVANCE.AI provides digital transformation, fraud prevention, and process automation solutions for enterprise clients. The company offers services in security and compliance, digital identity verification, and biometric solutions. They partner with over 1,000 enterprise clients across Southeast Asia and India across sectors, such as Banking, Fintech, Retail, and eCommerce.
- Megvii is a technology company based in China that specialises in AI, particularly deep learning. The company offers full-stack solutions integrating algorithms, software, hardware, and AI-empowered IoT devices. Products include facial recognition software, image recognition, and deep learning technology for applications such as consumer IoT, city IoT, and supply chain IoT.
- I’mCloud is based in South Korea and specialises in AI, big data, and cloud storage solutions. The company has become a significant player in the AI and big data industry in South Korea. They offer high-quality AI-powered chatbots, including for call centres and interactive educational services.
- H2O.ai provides an AI platform, the H2O AI Cloud, to help businesses, government entities, non-profits, and academic institutions create, deploy, monitor, and share data models or AI applications for various use cases. The platform offers automated machine learning capabilities powered by H2O-3, H2O Hydrogen Torch, and Driverless AI, and is designed to help organisations work more efficiently on their AI projects.
- Frame AI provides an AI-powered customer intelligence platform. The software analyses human interactions and uses AI to understand the driving factors of business outcomes within customer service. It aims to assist executives in making real-time decisions about the customer experience by combining data about customer interactions across various platforms, such as helpdesks, contact centres, and CRM transcripts.
- Uizard offers a rapid, AI-powered UI design tool for designing wireframes, mockups, and prototypes in minutes. The company’s mission is to democratise design and empower non-designers to build digital, interactive products. Uizard’s AI features allow users to generate UI designs from text prompts, convert hand-drawn sketches into wireframes, and transform screenshots into editable designs.
- Moveworks provides an AI platform that is designed to automate employee support. The platform helps employees to automate tasks, find information, query data, receive notifications, and create content across multiple business applications.
- Tome develops a storytelling tool designed to reduce the time required for creating slides. The company’s online platform creates or emphasises points with narration or adds interactive embeds with live data or content from anywhere on the web, 3D renderings, and prototypes.
- Jasper is an AI writing tool designed to assist in generating marketing copy, such as blog posts, product descriptions, company bios, ad copy, and social media captions. It offers features such as text and image AI generation, integration with Grammarly and other Chrome extensions, revision history, auto-save, document sharing, multi-user login, and a plagiarism checker.
- Eightfold AI provides an AI-powered Talent Intelligence Platform to help organisations recruit, retain, and grow a diverse global workforce. The platform uses AI to match the right people to the right projects, based on their skills, potential, and learning ability, enabling organisations to make informed talent decisions. They also offer solutions for diversity, equity, and inclusion (DEI), skills intelligence, and governance, among others.
- Arthur provides a centralised platform for model monitoring. The company’s platform is model and platform agnostic, and monitors machine learning models to ensure they deliver accurate, transparent, and fair results. They also offer services for explainability and bias mitigation.
- DNSFilter is a cloud-based, AI-driven content filtering and threat protection service, that can be deployed and configured within minutes, requiring no software installation.
- Spot AI specialises in building a modern AI Camera System to create safer workplaces and smarter operations for every organisation. The company’s AI Camera System combines cloud and edge computing to make video footage actionable, allowing customers to instantly surface and resolve problems. They offer intelligent video recorders, IP cameras, cloud dashboards, and advanced AI alerts to proactively deliver insights without the need to manually review video footage.
- People.ai is an AI-powered revenue intelligence platform that helps customers win more revenue by providing sales, RevOps, marketing, enablement, and customer success teams with valuable insights. The company’s platform is designed to speed up complex enterprise sales cycles by engaging the right people in the right accounts, ultimately helping teams to sell more and faster with the same headcount.
These examples highlight a few startups worth considering, but the landscape is rich with innovative options for organisations to explore. Similar to other emerging tech sectors, the AI startup market will undergo consolidation over time, and incumbent providers will continue to improve and innovate their own AI capabilities. Till then, these startups will continue to influence enterprise technology adoption and challenge established providers in the market.
