APAC firms to boost threat intelligence spend, embrace AI by 2026

New research from Forrester finds that a significant majority of senior security decision-makers in the Asia Pacific (APAC) region are planning to increase their threat intelligence budgets in 2026, indicating a shift towards proactive cybersecurity strategies.

The Forrester report, "The Top Trends Shaping Threat Intelligence In Asia Pacific," reveals that 79% of senior security leaders in APAC intend to boost their spending on threat intelligence. This figure surpasses that of their counterparts in Europe and North America, where 71% and 77%, respectively, plan similar increases.

Shift to intelligence-led defence

The research highlights a movement away from traditional, reactive models of cybersecurity towards more intelligence-led approaches. This trend is driven by the rapidly evolving and region-specific threat landscape in APAC. The report notes that the adoption of intelligence-led security is becoming essential for organisations to remain resilient against increasingly sophisticated cyber threats.

One of the key challenges identified in the region is a pronounced shortage of cybersecurity talent. To address this, APAC organisations are integrating artificial intelligence (AI) into their threat intelligence operations. These AI-powered platforms are said to significantly enhance efficiency, reducing the time required for analyses and investigations. For example, CyberSecurity Malaysia used large language models to speed up report generation, while CyCraft's AI virtual analysts reduced investigation times from 3.5 days to just 15 minutes.

Detecting advanced persistent threats

The report also highlights the particular importance of threat intelligence in detecting and mitigating advanced persistent threats (APTs) in APAC. The region's geopolitical status and rapid digital transformation have made it a prominent target for nation-state-backed groups such as Lazarus Group and Dark Pink. This is especially significant for sectors including government, financial services, and energy, where the ability to identify and counteract APTs is increasingly viewed as a necessity.

Addressing regulatory complexity

Regulatory fragmentation is another driver of threat intelligence investment in APAC. With frameworks ranging from Singapore's Cybersecurity Act to Australia's Notifiable Data Breaches Scheme, organisations must comply with a complex and diverse set of legal requirements. According to the report, threat intelligence is helping firms meet these requirements by enhancing monitoring and reporting capabilities, managing reputational risk, and supporting prompt incident response.

Fraud and brand protection

The report finds that a surge in digital adoption has also been accompanied by increased cyber fraud and brand impersonation across APAC. Organisations are using threat intelligence solutions to address issues such as phishing attacks, data leaks, and attempts to compromise accounts. For instance, Gojek employs Group-IB's dark web research tools to identify fraudulent schemes, including the use of deepfake emulators and malicious scripts targeting its mobile apps and application programming interfaces (APIs).

AI's role in cyber operations

Generative AI is described as transforming how threat intelligence is operationalised in APAC organisations. Key applications include automated vulnerability identification, AI-driven alert triage, and the aggregation of threat data from multiple sources. This integration is enabling faster and more accurate threat detection, as well as streamlining broader security operations.

"The cybersecurity landscape in APAC is evolving at an unprecedented pace and organisations can no longer afford reactive security models," said Meng Liu, Senior Analyst at Forrester. "Threat intelligence, powered by AI and localised insights, is now a strategic imperative for businesses and government agencies seeking to protect their digital assets, comply with regulations, and stay ahead of increasingly sophisticated threat actors. Security leaders must prioritise platforms that deliver contextual intelligence, integrate seamlessly with existing operations, and support compliance across diverse jurisdictions."

Meng Liu's recent blog includes an interview with Tae Kim, Head of Threat Management at Coupang, who shared insights on constructing an intelligence-led cybersecurity programme. Coupang's approach involves embedding intelligence at every layer of security, encompassing vulnerability management, fraud detection, and defence against nation-state threats. This model is cited as an example for Chief Information Security Officers (CISOs) in the region facing similar pressures.

Forrester's predictions for 2026 suggest that ongoing political instability, combined with technological advances used by cybercriminals, will require security, risk, and privacy leaders to adapt not only their technological infrastructure but also to ready their workforce for new and emerging threats.