The ‘Kudzu’ of Cybercrime: APAC Businesses Confront an Alarming Surge in System Intrusions
In a troubling development for businesses across the Asia Pacific (APAC) region, a recent report has illuminated a significant escalation in data breach incidents, particularly stemming from system intrusions. The ever-increasing reliance on third-party partners has led to a growing perimeter of vulnerability for organizations, raising the ante for cybersecurity threats.
According to the latest findings presented in Verizon’s 2025 Data Breach Investigations Report, a staggering 83% of businesses that reported data breach incidents in APAC have attributed these violations to system intrusions. These intrusions, often characterized as ‘hacking attacks,’ occur when unauthorized individuals access a computer system to modify, delete, or add data—actions that can severely impact organizational integrity and client trust.
The report starkly outlines that system intrusions in the APAC region have surged by over one-third, specifically 38%, since 2024. The language of the report underscores the gravity of the situation, stating, “The system intrusion pattern dominates the APAC threat landscape by a considerable margin.” This raises alarming questions about the sophistication and staggering success of these cyberattacks.
Further complicating the security landscape is the persistent allure of ransomware for cybercriminals. Verizon identifies ransomware attacks as particularly lucrative for hackers, with the potential to hold an organization’s data hostage, either by encrypting it or threatening to release it. Given the financial profitability of such actions, the report suggests that ransomware will likely maintain its status as a principal attack vector, not only in the Asia Pacific region but globally.
Looking specifically at industries most affected, the financial services and insurance sectors are prominently targeted by these system intrusions. Additionally, malware incidents related to data breaches have skyrocketed from 58% the previous year to an alarming 83% in the current year, predominantly disseminated via email threats.
Intriguingly, the threat actor landscape in APAC appears to be almost exclusively external, with the report indicating that nearly 100% of the identified threat actors are outside entities. Specifically, in this region, 80% of these actors are linked to organized crime, while 33% are associated with state-affiliated groups. The report further identifies critical attack vectors, revealing that 55% of breach victims had compromised credentials, while 51% reported ransomware installation and 37% cited exploited vulnerabilities.
One notable trend highlighted in the report is the disparate impact ransomware attacks are having on small and medium-sized enterprises (SMEs). Ransomware incidents account for 88% of all breach attempts against SMEs, compared to 39% against larger corporations. Despite this troubling trend, the report does offer a glimmer of hope: Verizon found that the median amount paid to ransomware groups has decreased from $150,000 to $115,000. Additionally, 64% of victim organizations reported they did not pay ransoms, a marked increase from 50% just two years prior.
Verizon draws attention to the familiar pattern of hacking through stolen credentials followed by ransomware installation, which remains a cornerstone of why the system intrusion phenomenon is so prevalent. In contrast, other attack modalities that once dominated the cyber landscape are showing signs of decline. Social engineering attacks, which accounted for 69% of breaches in previous reports, have dropped to a mere 20%. Similarly, basic web application attacks have fallen from 26% to just 11%.
Describing system intrusions as the “kudzu of cybercrime,” Verizon aptly illustrates the suffocating nature of this trend, suggesting it is effectively overshadowing all other forms of cyberattacks. The increase in system intrusions is also echoing a rise in attacks targeting third-party partners, emphasizing the inherent risks that accompany supply chain and partnership ecosystems. Notably, breaches associated with third parties have doubled from around 15% last year to a concerning 30% this year.
In response to these evolving threats, Verizon’s Business regional Vice President for Asia Pacific, Robert Le Busque, emphasized the critical need for organizations to reassess their risk management frameworks. The report underscores the mounting complexity and durability of cyber threats facing organizations, particularly in the Asia Pacific region, where external agents are increasingly targeting vital infrastructure and exploiting vulnerabilities among third-party partners.
As businesses navigate this perilous landscape, the insights provided in the report serve as an urgent call to action for organizations to take a proactive stance in reinforcing their cybersecurity measures to combat this growing menace.