Cybercriminals are increasingly harnessing artificial intelligence (AI) to execute stealthy, high-speed attacks that are overwhelming under-resourced cybersecurity teams in Singapore and across the Asia-Pacific region, a new IDC study commissioned by Fortinet has revealed.

According to the research, over half of Singaporean organisations encountered AI-enabled threats in the past year, with many reporting these attacks have doubled or even tripled in frequency. From deepfake impersonations to AI-automated exploit development, these threats are exposing gaps in visibility, governance, and infrastructure that traditional security tools are ill-equipped to defend against.

“Reactive security is no longer enough – predictive, intelligence-driven operations must become the norm,” said Simon Piff, Research Vice-President at IDC Asia-Pacific, highlighting the urgency for AI-accelerated defence strategies.

Rising Risks, Limited Defences

Despite the growing frequency and complexity of cyberattacks, only 18 per cent of Singaporean firms expressed strong confidence in their ability to defend against AI-powered threats. One in 20 admitted they have no way to track such threats at all.

Common AI-fuelled tactics include deepfake-led business email compromise (BEC), polymorphic malware, and adversarial AI targeting zero-day vulnerabilities. These sophisticated incursions are becoming harder to detect, with many exploiting human errors, misconfigurations, and identity loopholes.

Traditional threats such as phishing and malware persist, but newer risks like software supply chain attacks (74%), ransomware (70%) and cloud vulnerabilities (52%) are emerging as the more disruptive and difficult to manage. Breaches are not just technical problems – 72 per cent of affected organisations reported a loss of customer trust, while 52 per cent faced financial losses, with one in three exceeding US$500,000 in damage.

Resource-Strapped Teams Under Siege

The study underscores that many cyber teams are struggling under pressure. Just 7 per cent of an average organisation’s workforce is dedicated to IT, and only 13 per cent of those focus on cybersecurity – leaving most firms with less than one full-time cybersecurity professional for every 100 employees.

Only 15.6 per cent have a dedicated Chief Information Security Officer (CISO), and fewer than 7 per cent boast specialised teams for functions like threat hunting. This shortage, combined with growing attack volumes and increasingly complex toolsets, is contributing to staff burnout and gaps in cyber readiness.

Spending Shifts, but Gaps Persist

While awareness is rising, cybersecurity spending remains cautious. Organisations allocate just 15 per cent of IT budgets to cybersecurity – equivalent to around 1 per cent of total revenue. Although 86 per cent of firms report increased cyber spending, most hikes remain below 10 per cent.

Current priorities lean toward strategic capabilities like identity security, Zero Trust, and cyber resilience. However, areas such as OT/IoT security, DevSecOps, and training remain underfunded, leaving operational vulnerabilities exposed.

“Complexity is now the new battleground in cybersecurity – and AI is both the challenge and the frontline defence,” said Jess Ng, Fortinet’s Country Head for Singapore and Brunei. “Our focus is on helping customers shift from piecemeal defences to AI-powered security that’s built for scale and sophistication.”

Security-Conscious Consolidation

An encouraging 96 per cent of organisations in Singapore are already consolidating or evaluating convergence between networking and security, aiming to simplify infrastructure and improve threat detection.

However, tool fragmentation remains a significant hurdle, with nearly half of respondents citing integration issues. Organisations are turning to vendor consolidation as a strategic move, citing benefits such as faster support, cost savings, and better security visibility.

Rashish Pandey, Fortinet’s Vice President of Marketing and Communications for Asia & ANZ, noted: “The focus is moving beyond infrastructure to more strategic areas like identity, resilience, and access. At Fortinet, we’re helping customers reframe cybersecurity as a long-term business enabler – not just a line of defence.”