Almost all the cyberattacks in the APAC region now come from external threat actors like organised crime syndicates and state-affiliated actors, according to new analysis of thousands of incidents.
Espionage emerged as a key driver in the region in 2025, behind one in three APAC attacks and nearly double the global average, while systems intrusion is now the favoured attack method.
The findings are in Verizon’s 2025 Data Breach Investigations Report (DBIR), which analysed more than 22,000 security incidents and more than 12,000 data breaches.
In the APAC region, analysis of around 2,700 incidents found the distribution has become “monochromatic”, with 99 per cent of attacks now external. Of these external attackers, 80 per cent are linked to organised crime and 33 per cent are state-affiliated actors.
Vice president for APAC Verizon Business Group Rob le Busque said the findings are a “warning sign” for Australian organisations and reveal the changing motives and methods of attackers in the region.
“We should assume that Australia is a high-value state target for state-aligned actors… These growing threat trends intersect with Australia’s expanded critical digital infrastructure and broader geopolitical tensions,” Mr Le Busque said.
The report shows espionage is particularly high in the mining and utilities sectors, where 55 per cent of data breaches are motivated by this approach and almost half (49 per cent) of data lost were secrets.
“It’s also important to note that there’s a 68 per cent annual increase in third-party breaches, which is a concern for the country’s export-reliant industries, which are increasingly reliant on global partners and supply chains,” Mr Le Busque said.
“So patterns like zero-day exploits and credential theft – involved in 69 per cent of APAC breaches, should be of key concerns.
“Australia simply can’t afford a ‘she’ll be right’ mindset in cyberspace.”
The findings come the same week that Labor and Liberal election campaigns announced trade and national security measures such as shoring up critical minerals reserves and increasing defence spending amid geopolitical tensions.
“Whether it’s AI, chip manufacturing, or submarine cables, these aren’t just technical resources anymore but should be considered national assets. And in a world where infrastructure equals influence, complacency is not an option, Mr Le Busque said.
“If policy, government, and business stakeholders aren’t actively discussing threat scenarios, response protocols, and recovery strategies, they’re not preparing — they’re hoping.”
The report said cyber criminals are exploiting data breaches immediately for financial gain, but can also commandeer digital infrastructure, and will “use those spoils to further more espionage in the future”.
“State-aligned actors aren’t always here to cause visible disruption. They get in, stay quiet, and wait,” Mr Le Busque said.
“That kind of stealth isn’t about creating noise but about building future leverage. Technology has moved well beyond being a productivity tool, it’s now the frontline of global strategy.”
Other online threats identified in the report included a surge of system intrusions across the APAC region, with these attacks more than doubling to “an eye-popping 83 per cent of all breaches”.
Malware increased from 58 per cent of breaches last year in APAC to 83 per cent this year, with ransomware accounting for 51 per cent.
With the breaches increasingly yielding dividends for attackers and disrupting the lives of victims, Mr Le Busque said a more holistic approach to cybersecurity is needed.
“We need to ingrain that cybersecurity today isn’t just about stopping the next breach. It’s about protecting our way of life. It’s about continuity, confidence, and national resilience,” said Mr Le Busque.
Do you know more? Contact James Riley via Email.