Reinforcing digital defences in Asia in 2025

With the theme of Securing the Future: Empowering CISOs to Navigate Digital Disruption, 80% of security professionals attending the 2024 FutureCISO Conference identified data security as their number one focus. 57% of delegates also identified the lack of data visibility and control as the most serious threat to data protection strategies. As AI adoption continues to become the norm, 64% of security professionals voice concern that there remains a lack of understanding of AI as a cyber tool.

In observance of Data Privacy Week (27-31 January 2025), the National Cybersecurity Alliance (NCA) pointed out that our online activities create a treasure trove of data, encompassing our interests and purchases—all collected by websites, apps, devices, services, and companies around the world.

The growing cyber threat landscape

The rise in cyberattacks poses a formidable challenge for organisations today. Lim Hsin Yin, vice president of Sales - ASEAN at Cohesity, emphasises the urgency of re-evaluating data protection strategies. "As we mark World Data Privacy Day, the growing surge in cyber threats underscores the urgency to re-evaluate our approach to data protection," she states. Lim further advocates for proactive measures, such as AI-powered threat simulations and advanced encryption, to build true cyber resilience.

Traditional cybersecurity strategies are no longer sufficient to withstand determined external threats. Instead, businesses must anticipate and mitigate emerging risks by aligning with frameworks like the ASEAN Guide on AI Governance and Ethics. Such alignment fosters innovation and ensures a robust security posture, creating a foundation for sustained growth in a digital economy.

"Businesses must prioritise ethical AI and resilient data practices to protect critical systems. Doing so fosters enhanced credibility, ensures business continuity, and drives long-term growth in today's integrated digital ecosystem." Hsin Yin Lim

The minimum viable company concept

Darren Thomson, Field CTO EMEAI at Commvault, elaborates on the need for a shift in focus from mere defence against cyberattacks to ensuring rapid recovery. "Cyberattacks are not only increasing in volume but are also becoming alarmingly more sophisticated," he warns. Thomson introduces the concept of a 'minimum viable company'—the ability to sustain essential operations even amid a cyber crisis.

He notes that reliance on traditional backups is no longer adequate, as cybercriminals have adapted their strategies to compromise backup systems. "Having a minimum viable company requires the ability to restore critical systems in a secure, malware-free environment," he explains. For instance, virtual cleanrooms allow organisations to restore their systems swiftly and securely.

Thomson also highlights the importance of modern automation technology in streamlining the reconstruction of cloud applications, significantly reducing recovery times.

"This is the essence of true cyber resilience - the ability to recover, adapt, and maintain operations even in the face of a crisis - and is something organisations can no longer afford to ignore." Darren Thomson

Balancing innovation and data control

Data control has become increasingly critical in the rapidly evolving landscape of generative AI (GenAI). Acknowledging that GenAI presents unprecedented opportunities, Andy Zollo, senior vice president of Application and Data Security for Thales in Asia Pacific & Japan, says it also poses significant threats. "Maintaining proper data control is arguably the most important focus of all strategic security initiatives," he declares.

Zollo emphasises that focusing on data control can help businesses build trust with customers and establish a competitive advantage.

"These steps will enable businesses to deepen customer trust, strengthen organisational resilience through better threat management, and improve ROI from generative AI and cloud investments." Andy Zollo

As organisations navigate the complexities of new technologies, the importance of embedding strong data control measures into their strategic initiatives cannot be overstated. This focus will mitigate risks associated with data breaches and enhance customer loyalty in an era characterised by heightened awareness of data privacy.

Navigating the regulatory landscape

The regulatory environment in Asia is evolving rapidly, with new frameworks emerging to govern data privacy. Clement Lee, security architect APAC at Check Point Software Technologies, notes that awareness around data privacy is gaining momentum across the region. He points to key regulations, such as India's Digital Personal Data Protection Bill and Singapore's revised Personal Data Protection Act, as reshaping the governance of personal data.

Lee warns that the evolving regulatory landscape presents challenges for multinational organisations, particularly in the context of varying definitions of sensitive data and cross-border data transfer restrictions. "Strong leadership is fundamental in fostering a privacy-centric culture," he states.

He encourages executives to advocate for privacy at the board level, signalling to regulators and customers that data protection is a priority. Organisations can protect their reputations and enhance compliance with regional laws by investing in cross-functional data governance teams and embedding privacy impact assessments early in project lifecycles.

The future of data privacy in Asia

The enforcement of data protection regulations in Asia will likely intensify, accompanied by higher penalties for non-compliance. Lee stresses the importance of adopting privacy-enhancing technologies, post-quantum encryption, and zero-trust security models as integral components of an organisation's data protection strategy.

"To stay ahead, businesses must map data flows comprehensively, harmonise compliance across jurisdictions, and maintain proactive communication with regulators. In an age where personal data is an invaluable asset, robust privacy practices will meet legal requirements and strengthen the trust that underpins enduring relationships with customers and partners." Clement Lee

A call to action for businesses

Artificial intelligence, GenAI, is predicted to see the most significant spending gains in 2025, with cybersecurity not far behind.

As consumers, businesses, and governments transition to becoming digital natives, the CSA reminds us that while we cannot control how each piece of data is collected, we still have a right to data privacy and can help manage our data with a few repeatable behaviours.

As we celebrate Data Privacy Day 2025, businesses in Asia must recognise data protection and privacy's critical role in their operations. With cyber threats becoming more sophisticated and regulatory requirements continually evolving, organisations must prioritise proactive measures, rapid recovery strategies, and strong data control frameworks.

Leaders must foster a data protection culture within their organisations, investing in innovative technologies and processes that enhance resilience against cyber threats. By doing so, they will comply with the regulatory landscape and build lasting relationships with customers based on trust and transparency.

In this new digital transformation era, data privacy is not merely a compliance obligation but a strategic imperative that can drive competitive advantage and long-term growth. As organisations navigate the complexities of an interconnected world, prioritising data protection will be key to thriving in 2025 and beyond.