By Tengku Noor Shamsiah Tengku Abdullah
PETALING JAYA, June 25: Artificial Intelligence (AI) is rapidly transforming the landscape of cybercrime, making attacks quieter, quicker, and significantly harder to detect, according to a recent IDC survey.
The survey, commissioned by global cybersecurity leader Fortinet, reveals a sharp escalation in both the volume and sophistication of cyber threats across Malaysia and the broader Asia Pacific region.
At a media briefing recenty, Fortinet’s key team members gave an insight into the growing cornern and how attackers were leveraging AI to scale their operations, leaving security teams struggling to keep pace and exposing critical gaps in visibility and defence.
This new breed of AI-powered attacks is designed to be elusive, often exploiting weaknesses in human behaviour, system misconfigurations, and identity management. Among the top AI-driven threats reported in Malaysia are AI-automated exploit development targeting zero-day vulnerabilities, polymorphic malware, AI-assisted credential stuffing and brute force attacks, adversarial AI and data poisoning, and highly sophisticated Deepfake impersonation in business email compromise (BEC) schemes.
According to the survey, close to 50 percent of Malaysian firms have encountered AI-powered cyber threats in the past year. These attacks are not just increasing in frequency but in intensity, with 54 percent reporting a 2X increase and a significant 24 percent experiencing a staggering 3X surge in such threats.
The worrying part is that despite the growing threat, only 19% of organisations expressed high confidence in their ability to defend against these advanced attacks. Alarmingly, 27 percent admitted that AI threats were outpacing their current detection capabilities. Meanwhile, 20 percent of them had no ability to track AI-powered threats whatsoever.
The exposure to cybersecurity threats is no longer an occasional threat but a persistent one with many organisations remaining vulnerable to threats that operate in the shadows, with ransomware remaining a dominant concern.
Meanwhile, resources remain a challenge with only 7 percent of an organization’s workforce is dedicated to internal IT, and a mere 13 percent of that subset focuses on cybersecurity. This translates to less than one full-time cybersecurity professional for every 100 employees, highlighting a critical talent deficit.
During the briefing, Fortinet also highlighted the lack of cybersecurity talents, the scarcity of specialized cybersecurity roles with only 15 percent of of organizations having a standalone Chief Information Security Officer (CISO), with the majority (63%) combining cybersecurity responsibilities with broader IT roles.
While investments are rising they are insufficient to meet the risks ahead. On average, only 15 percent of IT budgets are allocated to cybersecurity, representing just over one percent of total revenue.
However, there is a growing recognition of the need for a more integrated approach. The convergence between security and networking is becoming mainstream, with 96% of respondents in Malaysia either already converging or actively evaluating options, although challenges remain.
Simon Piff, Research Vice-President, IDC Asia-Pacific said the findings of the survey showed a growing need for AI-accelerated defence strategies across APJC. “Organizations are facing a surge in stealthy, complex threats—from misconfigurations and insider activity to AI-enabled attacks—that bypass traditional detection methods. A shift toward integrated, risk-centric cybersecurity models is critical to staying ahead. In this new threat landscape, reactive security is no longer enough—predictive, intelligence-driven operations must become the norm.”
Kevin Wong, Country Manager, Fortinet Malaysia said with threats growing quieter and more coordinated, Fortinet was helping organizations across Malaysia stay ahead with a unified, platform-based approach that brings together visibility, automation, and resilience. “In today’s threat environment, speed, accuracy, and integration are essential.”
Rashish Pandey, Vice President of Marketing and Communications, Asia and ANZ at Fortinet, said the focus would be to move beyond infrastructure to more strategic areas like identity, resilience, and access. “At Fortinet, we’re helping customers reframe cybersecurity as a long-term business enabler—not just a line of defence. Our platform brings the scale, intelligence, and simplicity needed to adapt and thrive in this new reality.”
–WE