Cxociety Research suggests that Asia’s supply chains will face an even steeper risk from cyber threat actors in 2025, in part because of the ongoing turmoil following the near-universal trade tariffs slapped on Asian markets by the US.
On their own, Asia's supply chains in 2025 are already marked by unprecedented complexity, driven by geopolitical tensions, climate change, rapid technological innovation, and now evolving cyber threats.
Evolving cybersecurity threats in Asia's supply chains
The past four years, spanning the pandemic through 2024, have exposed the fragility and hyperconnectivity of global systems. Jayant Dave, CISO for APAC at Check Point Software Technologies, reflects, "Organisations are navigating an increasingly hyperconnected and volatile world, but we saw resilience and adaptability from the world to pivot in the face of adversity." This period underscored how supply chains are vulnerable yet capable of rapid adjustment.
He identifies three critical threats for 2025:
"For supply chains, the three most significant threats are the rise of info-stealers and related attacks targeting Bring-Your-Own-Devices (BYOD) environments, state-sponsored cyberattacks fuelled by geopolitical rifts, and the growing complexity of securing emerging technologies like GenAI and IoT that are deeply embedded in logistics and vendor eco-systems."
These threats highlight the expanding attack surface as supply chains integrate new technologies and remote work models.
Complementing this, Takanori Nishiyama, SVP of APAC Sales and Japan country manager at Keeper Security, emphasises ransomware, social engineering—including AI-powered phishing—and insider threats, both malicious and accidental, as the most pressing risks. He notes, "The most pressing cybersecurity threats to Asia's supply chains in 2025 fall into three categories: ransomware, social engineering including AI-powered phishing, and insider threats, both malicious and accidental. Over the past four years, accelerated digital transformation has expanded the cyberattack surface, particularly with remote work, cloud adoption and increased third-party integrations."
Nishiyama stresses that cyber risks are no longer occasional disruptions but ongoing operational realities, making resilience a core pillar of supply chain strategy.
These perspectives reveal a multifaceted threat environment where technical vulnerabilities, human factors, and geopolitical influences converge.
Geopolitical tensions in Asia profoundly impact supply chain operations and vendor relationships – reshaping how businesses operate.
"We're seeing increased scrutiny on tech vendors, restrictions on cross-border data flows, and a shift towards 'friend-shoring' supply chains based on political alignment rather than cost or efficiency. This creates complexity, drives up costs, and narrows the vendor pool," said Dave.
He further warns, "At the same time, critical infrastructure has become a soft target in digital proxy wars. A disruption in one region—whether due to sanctions, cyberattacks, or shifting alliances—can reverberate across entire supply chains. Leaders now need to manage operational risk and the strategic implications of who they partner with and where those partners are located."
This means leaders must manage operational risks and the strategic implications of partner selection and geographic exposure.
Nishiyama echoes this caution, highlighting the need for a proactive, risk-based approach.
"In these cases, CISOs must adopt a proactive, risk-based approach – conducting thorough due diligence, mapping geopolitical risk exposure and putting clear contractual safeguards around cybersecurity and data handling."
He advocates for a strong governance framework—including audits, compliance checks, and continuous monitoring—to mitigate threats without severing strategic partnerships.
Nishiyama also underscores the value of a zero-trust security model, which is vital in politically complex environments: "A zero-trust security model is especially useful by ensuring access is continuously verified, regardless of location or perceived trust."
Assessing supplier cybersecurity posture
Assessing suppliers' and partners' cybersecurity posture is paramount for leaders such as COOs, CISOs, CIOs, and CFOs. Dave advises starting with visibility and accountability, reminding us that a strong third-party risk programme should go beyond checklists.
He also suggests segmenting vendors by criticality—what data they touch and how integrated they are—and tailoring the organisation's assessments accordingly.
"For high-risk partners, standard frameworks like ISO 27001 or MAS TRM are just the starting point; security rating tools and contract clauses like audit rights are essential for deeper assurance," he adds.
Dave emphasises continuous engagement, cautioning that it doesn't stop at onboarding. "Continuous monitoring, clear breach reporting expectations, and regular security dialogue are what turn paper compliance into real resilience," he elaborates. "Cyber risk needs to be treated like financial risk—reviewed regularly at the C-suite and board level, with clear ownership and consequences tied to it."
Nishiyama offers some practical steps: "To assess the cybersecurity posture of suppliers and partners, leaders must start with thorough vendor risk assessments. This begins with conducting a thorough vendor risk assessment to evaluate each partner's security practices, including certifications like SOC 2 Type 2 and ISO 27001, which indicate robust security standards."
He highlights the importance of enforcing the principle of least privilege and multi-factor authentication to minimise risk. "Leveraging cloud-native solutions that automate credential rotation and provide real-time monitoring is key to maintaining visibility over vendor access and ensuring compliance," he opines.
He posits that these solutions help ensure vendors adhere to security best practices and compliance standards, enabling organisations to detect weaknesses and respond quickly to suspicious activity.
These insights underscore that supplier cybersecurity assessment is an ongoing, dynamic process requiring technical controls and governance.
Enhancing visibility across supply chain networks
Visibility is foundational to managing cyber risks in supply chains. Dave outlines three key strategies: "Visibility begins with mapping. You can't secure what you don't know, so maintaining an accurate inventory of your digital supply chain, from your vendors and platforms to your dependencies, is fundamental," says Dave. This mapping enables pinpointing vulnerabilities and swift response.
He adds, "Layer on intelligence: AI and machine learning are becoming indispensable for detecting anomalies and anticipating disruptions. Leverage tools that can offer real-time threat alerts and risk scoring across vendors."
Finally, Dave stresses the importance of preparedness: "Run regular simulations to test your response plans. Visibility is only valuable if you can act on it under pressure."
Nishiyama reinforces the role of technology in visibility, advocating for "real-time security posture reporting and analytics platforms that provide continuous visibility into the organisation's overall cyber readiness."
He also highlights behavioural monitoring tools powered by AI that detect anomalies in user or system activity. These tools are particularly useful for flagging deviations from typical workflows at both network and application levels.
Technologies to improve supply chain resilience
Both experts agree that technology is a critical enabler of supply chain resilience. Dave states, "Zero Trust is no longer optional. In a world of distributed teams and fragmented systems, verifying every user, device, and access point is essential."
He also highlights Secure Access Service Edge (SASE) as "vital for complex supply chains" because it provides consistent security across locations.
Dave further points to AI and machine learning as indispensable for rapid threat detection: "AI and ML can detect threats at speed and scale no human team can match." He also sees blockchain as "an added layer of trust, especially in logistics—enabling tamper-proof records and secure data sharing."
Together, these technologies form a layered defence that is proactive, adaptive, and scalable.
Balancing cost and cybersecurity investments
Balancing cost considerations with the need for robust cybersecurity investments is a perennial challenge. Dave clarifies that security and cost are not opposing forces. "The most effective organisations use risk to guide spending, prioritising protection where the business impact is greatest," he counters.
He emphasises that "prevention is also cheaper than recovery—a well-placed investment in early detection or patch management saves millions in breach fallout."
He also advocates smart procurement: "Scalable, cloud-native security solutions reduce overheads while collaborating with supply chain partners on shared standards spreads the burden."
"Cyber security is a business enabler. When framed that way, it becomes easier to justify the spending. Not as a cost but an investment in continuity and trust," he concludes.
Nishiyama recommends that "5-15% of the IT budget be dedicated to cybersecurity, depending on the industry and threat exposure." He advises prioritising scalable tools, reducing manual overhead, and providing measurable ROI through increased productivity, faster threat response, and lower disruption risk.
"Scalable, cloud-first cybersecurity solutions can significantly enhance security while helping avoid the much higher costs of breaches, fines or supply chain downtime," he adds.
Final thoughts
Understanding the evolving threat landscape, managing geopolitical risks, rigorously assessing suppliers, enhancing visibility with AI-driven tools, adopting Zero Trust and PAM technologies, and balancing cost with strategic investment are all critical.
Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.