Financial services and commerce sectors face unprecedented threats as AI adoption widens the attack surface
Web application and API attacks across the Asia Pacific and Japan (APJ) region rose by a staggering 73% year-over-year, the steepest increase globally, according to Akamai Technologies’ latest State of the Internet (SOTI) report, “State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain.”
The report highlights India as the second most targeted country in APJ, registering 17.3 billion web and API attacks, trailing only Australia (20.3 billion) and ahead of Singapore (15.9 billion). The exponential growth in attacks is closely linked to the accelerated deployment of AI across industries, which, while enhancing capabilities, also expands the attack surface for threat actors.
“The surge in attacks reflects more than just the region’s rapid digital adoption — it underscores the urgent need for cybersecurity to evolve with AI’s deepening integration into enterprise ecosystems,” said Reuben Koh, Director of Security Technology and Strategy, Akamai Technologies APJ.
Key Findings from the Report:
- 51 billion web application attacks in APJ in 2024, up from 29 billion in 2023
- Financial services were the most targeted, with over 27 billion attacks, followed by commerce with 18 billion
- India faced 1.1 trillion Layer 7 DDoS attacks, ranking second after Singapore
- 150 billion API attacks globally, driven by automation and inadequate authentication
- Digital media and e-commerce emerged as top targeted sectors across APJ
“The surge in attacks reflects APJ’s digital growth — and the urgent need for AI-aligned security strategies.”
— Reuben Koh, Director of Security Technology and Strategy, Akamai Technologies APJ
The report also notes a 66% rise in Layer 7 DDoS attacks across the region, with HTTP floods being the most prevalent. APJ remains the second-most targeted region for such attacks globally.
Rising Regulatory Pressures
With cyber threats mounting, governments across the region are tightening data and application security regulations. India’s Digital Personal Data Protection Bill, Singapore’s updated cybersecurity bill, and Australia’s Cybersecurity Act 2024 are examples of the region’s legislative response to the evolving threat landscape.