New report reveals mid-market organisations in Asia-Pacific and Japan are increasing cybersecurity investments, but face critical gaps in AI adoption, cyber resilience, and framework implementation
SINGAPORE – May 6, 2025 – Palo Alto Networks, the world’s leading AI cybersecurity company, today released the 2025 Cybersecurity Resilience in Mid-Market Organisations, a benchmark study, offering a first-of-its-kind view into how mid-market organisations across Asia-Pacific and Japan are evolving their cybersecurity capabilities in the face of growing threats and accelerating digital transformation.
While mid-market organisations in the Asia-Pacific and Japan are making tangible progress in strengthening their cybersecurity posture, key challenges remain. Many organisations are still in the early stages of operationalising AI within their security workflows, and gaps persist in areas such as incident recovery and cyber resilience. Additionally, the complexity of managing multiple tools and fragmented environments continues to hinder efficiency. Addressing these issues will require a more unified, platform-based approach that integrates AI-driven capabilities to enhance performance, streamline operations, and strengthen protection across the board.
“Cybersecurity is no longer just an IT issue, it's a business priority. As threats grow more sophisticated and AI reshapes the threat landscape, our benchmark study reveals that many mid-market organisations are still catching up,” said Michelle Saw, Vice President, Ecosystems, Asia-Pacific and Japan at Palo Alto Networks. “This study helps mid-market organisations see where they stand and take the steps needed to achieve stronger security outcomes. It also highlights the growing importance of partners—who must now evolve their offerings to focus more deeply on education, integration, AI adoption, and advanced technical expertise to better support customer needs.”
Key findings from the study:
- Partners matter more than ever: 79% of companies say they will rely on partners to support cybersecurity efforts within two years - up from 53% today.
- Cyber budgets are on the rise: 57% of organisations plan to increase cybersecurity spending over the next 12 months. Cyber now accounts for 13.6% of total IT budgets, up from just 6% in 2019.
- AI adoption lags behind investment: Despite growing awareness, organisations cited AI-related capabilities as one of the lowest performing areas in their cybersecurity programs.
- Cloud security, IAM and SIEM top the priority list: Over the next 24 months, these are the most cited areas for new or increased investment.
- Framework implementation is inconsistent: Adoption of NIST 2.0 received the lowest score among the five benchmark categories, underscoring a need for clearer guidance and support. Sectors leading the understanding and adoption of NIST 2.0 and other frameworks include financial services, telecommunications and utility companies.
Key regional highlights:
- India leads the region with a score of 20.3, followed by Indonesia (20.65) and Philippines (20.21).
- Japan trails the region with a score of 16.67, pointing to a greater need for investment in cybersecurity capabilities and organizational alignment.
- Countries like China, Vietnam, and Malaysia are showing strong momentum in both investment and framework adoption.
“The research indicates that mid-market organisations in the region have made notable advancements in strengthening their cybersecurity posture,” said Tim Dillon, Founder, Director, Principal Analyst End User at Tech Research Asia. “However, there remains substantial opportunity for partners to support continued progress, particularly in the areas of workforce education and training, identity and access management, and application and data security.”
The Cybersecurity Benchmark for Asia-Pacific and Japan, developed in collaboration with Tech Research Asia (TRA), surveyed over 2,800 mid-sized organisations across 12 countries and a range of industries. It offers a snapshot of the region’s cybersecurity maturity and provides practical guidance for improvement. With evaluating performance across five key areas; strategy execution, business integration, operational capabilities, solution maturity, and NIST 2.0 framework adoption, the average score was 19.01 out of 25. While this indicates a moderate level of maturity, the findings reveal clear opportunities to strengthen AI readiness, boost ransomware resilience, and advance framework implementation. This Tech Research Asia Insights Report Asia-Pacific and Japan Edition was commissioned by Palo Alto Networks and completed in April 2025
For more information 2025 Cybersecurity Resilience in Mid-Market Organisations Study, visit: https://www.paloaltonetworks.com/industry/japac-mid-market-solutions
About Palo Alto Networks
As the global cybersecurity leader, Palo Alto Networks (NASDAQ: PANW) is dedicated to protecting our digital way of life via continuous innovation. Trusted by organizations worldwide, we provide comprehensive AI-powered security solutions across network, cloud, security operations and AI, enhanced by the expertise and threat intelligence of Unit 42. Our focus on platformization allows enterprises to streamline security at scale, ensuring protection fuels innovation. Discover more at www.paloaltonetworks.com.
Palo Alto Networks, Prisma, Prisma AIRS, AI Runtime Security, and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.
This press release contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact, or performance or potential benefits, impact or performance of our products and technologies or future products and technologies. These forward-looking statements are not guarantees of future performance, and there are a significant number of factors that could cause actual results to differ materially from statements made in this press release, including, without limitation: developments and changes in general market, political, economic, and business conditions; risks associated with managing our growth; risks associated with new products and subscription and support offerings; shifts in priorities or delays in the development or release of new offerings, or the failure to timely develop, release and achieve market acceptance of new products and subscriptions as well as existing products and subscription and support offerings; failure of our business strategies; rapidly evolving technological developments in the market for security products and subscription and support offerings; our customers' purchasing decisions and the length of sales cycles; our competition; our ability to attract and retain new customers; and our ability to acquire and integrate other companies, products, or technologies. We identify certain important risks and uncertainties that could affect our results and performance in our most recent Annual Report on Form 10-K, our most recent Quarterly Report on Form 10-Q, and our other filings with the U.S. Securities and Exchange Commission from time-to-time, each of which are available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. All forward-looking statements in this press release are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.