Darktrace’s Annual Threat Report 2026 highlights identity as the primary attack vector, a finding that resonates deeply with Asia‑Pacific CISOs navigating rapid cloud and SaaS adoption in 2026.
The report notes a 20% rise in publicly disclosed vulnerabilities in 2025, yet attackers increasingly rely on credential abuse and identity‑led intrusions rather than chasing traditional software flaws.
For Asia, where multi‑cloud strategies and extended enterprise identities are common, this shift reinforces the need to prioritise identity security, zero trust, and continuous behavioural analytics across distributed environments.
The report reveals that 2025 phishing activity remained high, with 32 million phishing emails detected globally and a 28% rise in QR code‑based attacks.
In Asia, where both banking ecosystems and consumer‑facing services are rapidly digitising, phishing and credential theft represent an immediate risk to user accounts, cloud access, and third‑party integrations.
The expansion of cloud and SaaS usage means compromised identities can unlock broad access across Microsoft 365, SaaS platforms, and DevOps environments, amplifying impact even without traditional malware.
Darktrace’s regional framing underscores a critical Asia-specific challenge: attackers increasingly leverage high‑value accounts and privileged credentials to move laterally within cloud and on‑premises networks. This translates into heightened emphasis on identity governance, federated access controls, and AI‑driven anomaly detection that operates at machine speed to identify subtle deviations in user and service behaviour.
Cloud interconnectivity compounds risk. The report notes Azure as the most targeted cloud provider, with GCP and AWS following. Given Asia’s own cloud footprint, which spans public, private, and hybrid deployments, CISOs should favour controls that provide real‑time visibility into cross‑cloud entitlements, automated containment, and rapid incident recovery.
The emergence of AI‑assisted credential abuse further stresses the need for autonomous containment, continuous verification, and zero‑trust architectures that can adapt to evolving workloads and non‑human identities.
Key takeaway for Asia’s security leaders: bridge traditional controls with behavioural AI to detect and respond to identity abuse at cloud scale.
Boards will expect assurances of resilience, not just control coverage. Organisations that can operationalise threat intelligence into automated containment—and demonstrate rapid recovery in cloud‑first, distributed environments—will maintain business continuity amid accelerating risk.
