Figure A B.1. shows that the number of cyber incidents in ASEAN was much lower than in the G7 (Figure 2.2) for most of the 2000s and early 2010s, with an isolated, single‑quarter spike (notably in SMEs) but levels quickly falling back to prior levels. The trend changed around 2019, with incidents increasing across banks, large firms and SMEs. It has risen steadily since for large firms and SMEs while banks have experienced intermittent peaks. Even if absolute numbers remain below those of the G7 (Figure 2.2), the post‑2019 landscape implies a structural change rather than an episodic trend, suggesting a broadening exposure as digitisation deepens and more organisations become consistently “attackable” targets. The rise reflects a widening attack surface and more frequent exploitation of vulnerabilities created by fast technological adoption, uneven security maturity, and configuration errors. This indicates that cloud and interconnected ecosystems create concentrated points of dependency, where a single disruption or misconfiguration can cascade broadly across organisations (WEF, 2026[18]).
Cybersecurity and geopolitical risks in financial markets
Note: Data are from the Advisen (Zywave) cyber incident database and OECD calculation. SMEs are defined as firms with fewer than 250 employees; Large Firms are those with 250 employees or more. Banks are identified as entities classified under NAICS 522 (Credit Intermediation and Related Activities). Series are quarterly counts of recorded cyber incidents. The most recent quarters may be subject to reporting lags and should be interpreted with caution.
Source: Advisen/Zywave Cyber Loss Insight feed.
“Cyber Inequity” (gaps in skills/resources) is described as creating vulnerabilities that extend beyond individual entities, with smaller organisations more likely to report insufficient resilience (WEF, 2026[18]). Practically, this argues for pairing growth in digital adoption with tighter hygiene against security holes, stronger configurations, continuous assessment, and strong patch management programmes, while also upgrading third‑party risk controls because attackers often exploit weak links in supply chains.
ASEAN’s cybersecurity readiness remains uneven, and SMEs, while central to regional production networks, often face binding resource and capability constraints, making them both frequent targets and potential transmission nodes (IISS, 2023[80]). Attacks on these firms frequently reverberate through supply chains, as a single compromised intermediary can lead to delayed shipments, disrupted inventories, and reduced production outputs for larger corporations downstream. Evidence from large exogenous supply chain disruptions (e.g. natural disasters) similarly documents rapid propagation across firms and slow recovery, highlighting the potential persistence of cyber-driven disruptions in tightly linked value chains (Carvalho, 2014[12]; Boehm, Flaaen and Pandalai-Nayar, 2020[81]).
The cyber resilience of SMEs as a credit channel is not just a microeconomic concern; it has macroeconomic and geopolitical dimensions, influencing trade flows, capital allocation, and foreign investment decisions. Meanwhile, developments in recent periods have underscored the strategic importance of ASEAN in the global landscape of cyber-enabled financial crime. Evidence points to the emergence of industrial-scale online scam operations in parts of mainland Southeast Asia, enabled by rapid digitalisation and deep integration into global trade and payment networks.
The Cybersecurity Survey in ASEAN (Oikawa et al., 2024[82]), which is presented as Figure A B.2, demonstrates clear differences in cybersecurity adoption across firms of varying sizes, with a notable contrast between the web survey and phone survey results. In both survey modes, medium and large enterprises consistently report higher rates of “already implemented” cybersecurity measures. However, the data also reveal that micro and small enterprises – particularly in the web survey – display substantially higher proportions of respondents selecting “no plan to implement,” indicating more pronounced implementation gaps among smaller firms that participated digitally.
By comparison, the phone survey exhibits a similar pattern yet with higher implementation levels across all size categories, suggesting that firms reached through phone interviews may be slightly more advanced or more aware of cybersecurity practices. Overall, the figure underscores that both enterprise size and survey mode influence reported cybersecurity adoption, with resource constraints among smaller firms more visibly reflected in the web-based responses.
Source: Oikawa et al. (2024[82]). The Digital Divide Amongst MSMEs in ASEAN, https://www.eria.org/uploads/The-Digital-Divide-Amongst-MSMEs-in-ASEAN.pdf.
For ASEAN, aligning cybersecurity requirements for AML/CFT plays an important complementary role beyond prudential and operational rules. Operations based in the region can target victims worldwide, while associated proceeds may be channelled through regional and offshore financial centres and crypto‑asset platforms. The reason is that cyber-enabled fraud and scam ecosystems can generate large volumes of illicit proceeds that are rapidly laundered through complex cross-border channels, often involving offshore structures, regional payment rails, and crypto‑asset platforms, creating direct risks to market integrity and confidence. This has elevated the policy salience of critical information sharing alongside technical cybersecurity co‑operation, especially where scam operations and laundering networks have been assessed as transnational and financially systemic in scale.
Finally, these issues sit at the intersection of cyber resilience and financial crime prevention and mitigation policy. While AML/CFT frameworks and standards primarily address illicit financial flows after they have entered the financial system, a new workstream would seek to strengthen ex ante cyber resilience to lower the likelihood that intrusions into IT systems, data centres and digital asset platforms lead to significant losses of data or funds. The approach aligns with international efforts on cyber resilience and financial crime. First by examining how robust operational and cyber defences – including sound governance and insider-risk management – can reduce opportunities for cyber-enabled money laundering, sanctions evasion and the misuse of crypto‑assets. And second by highlighting the macro-financial and sectoral channels through which successful attacks can propagate.