Use AI-driven security to navigate risks and workforce challenges

As artificial intelligence (AI) rapidly transforms industries, organisations across Asia are grappling with the dual challenge of harnessing its potential while mitigating cybersecurity risks.

In a discussion between Kenny Yeo, director, Global Cyber Security Advisory and head of Asia Pacific Cyber Security Practice at Frost & Sullivan, and Jenny Tan, the immediate past president of ISACA Singapore Chapter, key insights emerged on why businesses are embracing AI despite its nascent stage, how cybersecurity practices must evolve, and what steps leaders must take to ensure compliance and workforce readiness.

The AI Attraction: Competitive edge and talent magnetism

Despite AI’s relative immaturity in cybersecurity, Asian enterprises are aggressively investing in the technology. According to Tan, much of this enthusiasm stems from a desire to stay competitive. "A big portion of their consideration is to be seen as staying ahead," she notes.

Additionally, companies hope AI adoption will make them more attractive to top talent, particularly in a region where digital transformation is accelerating. Some are even betting on unexpected breakthroughs—akin to "black swan" events—where AI investments yield unforeseen advantages.

Yeo echoes this sentiment but emphasises a more strategic approach. "AI holds huge promise, but organisations must first ask: How can we derive business value from AI?" He points to Frost & Sullivan’s research, which highlights that successful AI adoption begins with aligning technology to core business objectives rather than chasing trends.

This perspective aligns with findings from Boston Consulting Group (BCG), which reports that Asia-Pacific (APAC) is now second only to North America in AI adoption, driven by CEOs who champion AI as a strategic priority. However, BCG warns that without clear business alignment, AI initiatives risk becoming costly experiments rather than value drivers.

Cybersecurity in the AI era: Promise and peril

While AI offers enhanced threat detection and response capabilities, Tan cautions against over-reliance on untested tools.

“I don't believe in "simply using technology to solve technology issues" especially when "untested" technology is being deployed. This may bring technical challenges closer to home when you think of edge and the risk will heighten.” Jenny Tan

The lack of skilled professionals exacerbates the problem—many organisations adopt a "trial-and-error" approach, leaving security gaps at the edge and device levels.

Yeo acknowledges AI’s potential to counterbalance the global cybersecurity skills shortage but stresses the need for proactive testing.

"Each organisation is different," he says, urging businesses to validate AI solutions in their unique environments rather than passively waiting for outcomes or taking a “wait and see” approach.

This challenge is underscored by Hitachi Vantara’s research, which reveals that only 32% of AI models in Asia produce accurate outputs due to poor data quality and unstructured information. Furthermore, 44% of Asian firms cite data security as their top concern, with India and Indonesia facing even higher risks.

Aligning cybersecurity with business goals and regulations

To ensure AI-driven security aligns with organisational objectives, Tan advocates for a cybersecurity strategy embedded in senior management’s balanced scorecard. "Security by design and compliance by design must be foundational," she asserts, emphasising governance frameworks that integrate regulatory adherence from the outset.

Frost’s Yeo agrees but warns against treating compliance as the end goal. "Organisations must shift from meeting regulations to actively protecting data—and eventually leveraging cybersecurity as a business differentiator," he says.

This proactive stance is critical in Asia, where regulatory fragmentation complicates AI governance. For instance, Singapore and Australia lead in AI policy, while India and ASEAN nations lag, creating inconsistencies in security implementations.

IDC’s Unified AI Governance Model offers a solution, advocating for transparency, security resilience, and human oversight in AI deployments. The model stresses the need for AI Bills of Materials (AI BoM) to track data provenance and compliance—a practice gaining traction among APAC enterprises.

Workforce development: Bridging the skills gap

A recurring theme in the discussion is the acute shortage of AI-skilled cybersecurity professionals. Tan proposes structured upskilling programs, with general awareness training for all employees and specialised modules for high-risk functions.

“HR may be able to work with specialists to design a profiling tools to target certain functions with purpose-fit training accordingly,” she continues.

Yeo adds that senior management must improve their cybersecurity literacy to drive meaningful change. "Buy-in is crucial," he says, highlighting the role of leadership in fostering a security-conscious culture.

This aligns with Deloitte’s findings (see Figure 1) that younger employees (dubbed "Generation AI") are driving adoption, often without managerial awareness, creating a disconnect between grassroots experimentation and organisational strategy.

A phased roadmap for cybersecurity modernisation

Implementing AI-driven security requires a structured, risk-based approach. ISACA Singapore’s Tan emphasises the need for CISOs to build alliances with senior leadership to secure budgets and strategic support. “Perhaps with the alliance support and outlining the strategic alignment of such a roadmap may expedite its rollout,” she posits.

Yeo recommends a phased modernisation plan anchored in threat assessment:

“Adopting a risk-based approach will be important. What is the risk scorecard for threats today, as well as potential emerging threats tomorrow? How can these threats be actively managed with the use of modern technology? How can this be implemented in a phased plan?” Kenny Yeo

 This mirrors SymphonyAI’s guidance for financial institutions, which advocates incremental AI adoption—starting with high-impact areas like fraud detection and transaction monitoring before scaling enterprise-wide.

Balancing innovation and risk

What can we conclude from this? The reality facing CISOs and their security teams is that AI-driven security in Asia is both an opportunity and a minefield. This needs to be clearly conveyed to leadership and the Board.

While the region leads in adoption, challenges like data quality, regulatory fragmentation, and workforce gaps threaten to undermine progress. To succeed, organisations must:

1. Align AI with business value, not just trends.
2. Test AI solutions proactively in real-world environments.
3. Embed security and compliance into core strategies.
4. Invest in upskilling to bridge the talent divide.
5. Adopt phased, risk-based modernisation with leadership buy-in.

As IDC’s Sakshi Grover notes, "Responsible AI governance is non-negotiable." With cyber threats evolving alongside AI capabilities, Asia’s enterprises must navigate this complex landscape with both ambition and caution—or risk falling behind in the race for digital resilience.