Cyber Budgets Surge as Mid-Market Firms in APAC Struggle with AI Security Gaps, Palo Alto Networks Report Finds

Singapore, 30 May 2025 — Cybersecurity is fast becoming a core business imperative for mid-market firms across Asia-Pacific and Japan (APJ), as digital transformation accelerates and the threat landscape grows increasingly complex. According to a new benchmark study released by Palo Alto Networks, organisations are stepping up investment—but key gaps remain, particularly around AI integration, cyber resilience and governance frameworks.

The 2025 Cybersecurity Resilience in Mid-Market Organisations report, developed in partnership with Tech Research Asia (TRA), is the first region-wide benchmark assessing cybersecurity maturity across 2,800 mid-sized businesses in 12 APJ markets. The study evaluates progress across five areas—strategic execution, business integration, operational readiness, solution maturity, and framework implementation—with an average regional score of 19.01 out of 25.

Singapore scored 19.28, trailing behind several of its ASEAN counterparts, and highlighting concerns around fragmented infrastructure, inconsistent framework adoption, and under-leveraged AI capabilities.

“Cybersecurity is no longer just an IT issue, it’s a business priority,” said Michelle Saw, Vice President, Ecosystems, Asia-Pacific and Japan at Palo Alto Networks. “Our benchmark study reveals that many mid-market organisations are still catching up. It also highlights the growing importance of partners, who must now evolve their offerings to focus more deeply on education, integration, AI adoption, and advanced technical expertise to better support customer needs.”

Cybersecurity Budgets Climb, But AI Capabilities Lag

Across the region, 57% of organisations plan to increase cybersecurity budgets within the next 12 months, with cybersecurity now accounting for 13.6% of overall IT spending, up from 6% in 2019. In Singapore, that figure is even higher, with cybersecurity making up 15.2% of revenue, reflecting heightened sensitivity to data protection and regulatory obligations.

Despite rising spend, AI adoption remains one of the weakest areas of performance. While cloud security, identity and access management (IAM), and SIEM systems are top investment priorities over the next 24 months, many organisations are still in the early stages of embedding AI-driven security into daily operations.

“The fast pace of innovation is outstripping the ability of some organisations to keep up,” said Steven Scheurmann, Regional Vice President for ASEAN at Palo Alto Networks. “To truly build cyber resilience, they need to embrace a more integrated, AI-driven platform approach that not only strengthens defences but also streamlines complexity.”

Partners Play Growing Role in Security Strategy

The benchmark study finds a significant surge in partner dependency—while 53% of companies currently use external partners for cybersecurity support, that figure is expected to rise to 79% within two years. In Singapore, nearly half (49%) are already engaging partners, with usage forecast to climb to 85%.

Tim Dillon, Founder and Principal Analyst at Tech Research Asia, noted:

“There remains substantial opportunity for partners to support continued progress, particularly in the areas of workforce education and training, identity and access management, and application and data security.”

Gaps in Governance and Framework Implementation

The report also flags inconsistent implementation of cybersecurity frameworks, with the NIST 2.0 standard emerging as the weakest-performing area across all five benchmark categories. Governance was Singapore’s lowest-scoring domain at just 3.65, pointing to a pressing need for clearer alignment between policy and practice.

Sectors leading the way in framework adoption include financial services, telecommunications, and utilities—industries where regulatory pressure and operational risk make cybersecurity a strategic necessity.

Moving Forward: Business-Driven, AI-Enabled Security

As mid-market firms double down on digital innovation, cybersecurity must evolve in parallel—becoming more strategic, better integrated, and increasingly AI-enabled. The findings underscore a critical inflection point: businesses must move beyond fragmented tools and reactive strategies, and towards unified platforms that enable proactive, intelligent defence.

Commissioned by Palo Alto Networks and completed in April 2025, the benchmark study provides mid-sized enterprises with a valuable lens to evaluate their cyber posture and chart a course towards more resilient, business-aligned security strategies.