A new global study by Cohesity, a leader in AI-powered data security and resilience, shows that financial ripple effects of cyberattacks now extend well beyond operational disruption, reshaping boardroom priorities, financial planning, and growth strategy.
According to the report, “Risk-Ready or Risk-Exposed: The Cyber Resilience Divide,” nearly three-quarters (76%) of Asia Pacific (APAC) organisations have experienced at least one material cyberattack – defined in the survey as an incident that caused measurable financial, reputational, operational, or customer churn impact.
- 73% of publicly traded companies in APAC reported adjusting earnings or financial guidance after an attack.
- 69% said they observed an impact on their stock price.
- 74% of privately held firms redirected budgets from innovation and growth initiatives.
- 96% reported experiencing legal, regulatory, or compliance consequences, including fines, lawsuits, or other enforcement actions.
“These findings show that cyberattacks now touch every part of an organisation, testing even the most well-prepared as aftershocks spread beyond technical recovery,” said Sanjay Poonen, chief executive officer and president, Cohesity. “When incidents compel companies to rethink forecasts, absorb market reactions, and redirect budgets, cyber resilience is no longer just a technology issue. It’s a business and financial imperative.”
A New Financial Reality for Cyber Resilience
While only a small number of public companies have formally disclosed changes to earnings guidance following a cyber incident, the high percentages seen in this research indicate that respondents view material cyberattacks as producing broader financial strain and operational consequences than what public filings typically capture.
This disconnect between market perception and organisational reality is likely influenced by limited disclosure requirements, narrow investor definitions of materiality, and the underestimation of intangible losses such as brand trust, customer churn, supply chain impacts and decreases in productivity.
The research also points to a shift in how enterprises treat cyber risk. While prevention and detection remain priorities, the true differentiator lies in how quickly organisations can recover with confidence and how effectively leaders can reassure markets, regulators, and customers after an incident. Nearly half of surveyed APAC leaders (48%) and Singapore leaders (52%) expressed complete confidence in their resilience1 strategies, even as costly attacks continue to produce measurable financial fallout.
According to respondents, companies’ cyber resilience strategies are under mounting pressure amid a worsening threat environment. Results indicate that data recovery remains a significant challenge in the region: 97% of APAC respondents said it takes their organisations more than 24 hours to restore data from backups after a cyberattack, with 12% needing at least a week. In Singapore, the figures were similarly high, at 94% and 18% respectively.
Ransom Payments Persist with Cybercriminals Cashing In
The business impact is undeniable. Nearly 9 in 10 (89%) APAC organisations paid a ransom in the past year (40% paying US$1,000,000 or higher), with 90% reporting revenue impact and 45% facing moderate or significant customer impact.
In Singapore, the impact was even higher with 91% paying a ransom in the past year (48% paying US$1,000,000 or higher), 95% reporting revenue impact and 53% facing moderate or significant customer impact respectively.
This underscores that resilience gaps directly translate into financial and reputational damage.
The Key Hurdles Teams Faced
The most common challenge experienced during a cyberattack was the inability to communicate or coordinate internally due to critical systems being down – such as email, collaboration tools, and ticketing platforms – cited by 52% of APAC respondents and 59% of those in Singapore.
Coordination remains a key weakness, with 66% of APAC and 77% of Singapore organisations acknowledging misalignment across IT, security, legal, and business operations when responding to cyber incidents.
Another common challenge faced was recovery followed by reinfection due to incomplete threat eradication, with 42% of APAC respondents reporting this and 44% in Singapore.
GenAI Adoption Accelerates Beyond Risk Tolerance
The study additionally highlights a parallel challenge. As enterprises integrate new forms of AI into daily operations, many IT functions are struggling with the speed and scale of GenAI adoption. Eighty-four percent of APAC and Singapore IT and security leaders said GenAI is advancing faster than their organisations can safely manage risks. Yet most also recognise its broader transformative potential.
“Cyber resilience is critical and cannot be treated the same way as traditional disaster recovery. Organisations today need to master the AI and security paradox. AI-ready data that is trusted, protected, and resilient will enable organisations to innovate confidently without increasing risk exposure,” said Lim Hsin Yin, Vice President, Sales – ASEAN, Cohesity.
Resilience as Competitive Advantage
Cohesity’s findings underscore that cyber resilience is fundamental to financial health, leadership and customer confidence. The organisations that outperform competitors today and in the future are those that can recover faster, remove threats, and maintain stakeholder trust when the inevitable disruptions occur. See Cohesity’s five-step action plan for practical steps to strengthen cyber resilience.
1 Respondents were provided with the NIST definition of cyber resiliency at the start of the survey: “The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Cyber resiliency is intended to enable mission or business objectives that depend on cyber resources to be achieved in a contested cyber environment.”
About the Research
Findings are based on a survey of 3,200 IT and security decision makers commissioned by Cohesity and conducted by Vanson Bourne in September 2025. Respondents represent organisations in the US, Brazil, UK, Germany, France, UAE, Australia, South Korea, Japan, India, and Singapore. The organisations had 1,000 or more employees and came from a range of public and private sectors.
Legal Disclaimer: The Editor provides this news content "as is," without any warranty of any kind. We disclaim all responsibility and liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. For any complaints or copyright concerns regarding this article, please contact the author mentioned above.
