Mid-market organizations across Asia-Pacific and Japan are ramping up cybersecurity investments, yet critical gaps remain in artificial intelligence (AI) adoption, cyber resilience, and framework implementation, according to Palo Alto Networks’ 2025 Cybersecurity Resilience in Mid-Market Organizations study.
The benchmark study — the first of its kind — surveyed over 2,800 mid-sized companies across 12 countries in partnership with Tech Research Asia, offering a comprehensive snapshot of the region’s cybersecurity landscape.
“Cybersecurity is no longer just an IT issue, it’s a business priority. As threats grow more sophisticated and AI reshapes the threat landscape, our benchmark study reveals that many mid-market organizations are still catching up,” said Michelle Saw, Vice President, Ecosystems, Asia-Pacific and Japan at Palo Alto Networks.
Palo Alto Networks (NASDAQ: PANW) is a US-based company that provides AI-powered security solutions across network, cloud, security operations and AI.
The study highlights that 57% of organizations plan to increase their cybersecurity spending over the next year. On average, cybersecurity now claims 13.6% of IT budgets, more than double from just 6% in 2019. Despite the investment surge, AI integration within security operations remains one of the lowest-performing areas across the region.
Other key findings include:
- 79% of mid-market firms expect to rely on partners to support cybersecurity within two years, up from 53% today.
- Top investment areas include cloud security, Identity and Access Management (IAM), and Security Information and Event Management (SIEM) systems.
- Framework adoption is inconsistent. The NIST 2.0 framework registered the lowest implementation scores, suggesting the need for greater awareness and support.
The financial services, telecommunications, and utility sectors are leading the way in cybersecurity framework adoption, while governance, identification, and incident response capabilities continue to lag behind protection and detection efforts.
“The research indicates that mid-market organizations in the region have made notable advancements in strengthening their cybersecurity posture,” said Tim Dillon, Founder, Director, and Principal Analyst at Tech Research Asia.
“However, there remains substantial opportunity for partners to support continued progress, particularly in the areas of workforce education and training, identity and access management, and application and data security,” Dillon said.
In the Philippines, for example, cybersecurity budgets now represent 13.3% of revenue, with major allocations toward security software, network security hardware, and data privacy protection. However, like much of the region, the country continues to grapple with gaps in AI deployment and response capabilities.
“Partners matter more than ever. Organizations are not only increasing their budgets but also seeking greater integration, education, and advanced technical support from their cybersecurity partners,” said Saw.
The Tech Research Asia Insights Report Asia-Pacific and Japan Edition was commissioned by Palo Alto Networks and completed in April 2025. The report’s average cybersecurity maturity score was 19.01 out of 25, reflecting moderate maturity but underscoring clear opportunities for improvement.
For more information, visit Palo Alto Networks’ report.
