Results from the Semperis 2025 Global Ransomware Risk Report indicate that Singapore faces the highest global risk of regulatory extortion from cybercriminals.
The report, based on a survey of nearly 1,500 organisations worldwide, highlights the prevalence and characteristics of recent ransomware attacks across various sectors and regions. According to the study, 61% of organisations based in the Asia-Pacific region reported at least one successful cyberattack over the past year, a rate second only to Germany (66%).
Singapore stands out notably, with 66% of respondents revealing that hackers explicitly threatened to file regulatory complaints if data breaches were not reported to authorities. This figure is significantly higher than the combined average (47%) reported by organisations in the United States, United Kingdom, France, Germany, Spain, Italy, Canada, Australia, and New Zealand.
High extortion rates
The report notes that extortion threats in Singapore surpass global trends. These tactics exploit strict regulatory reporting requirements, putting organisations under increased pressure to pay ransoms or meet cybercriminals’ demands to avoid further legal and reputational repercussions.
As data confidentiality becomes increasingly critical, especially for senior decision-makers in highly regulated sectors, this finding suggests that ransomware groups are tailoring their extortion methods to exploit both operational vulnerabilities and executive-level anxieties. For Singaporean organizations, this underscores the need for robust data governance and clear crisis communication protocols.
The use of regulatory complaint threats as leverage is particularly acute in industries facing strict governance and where board-level concerns over data privacy are high.
Ransom payments and repeated attacks
The research also found that 85% of affected organisations in Asia-Pacific paid ransoms to restore systems or protect data. This proportion exceeds that of the UK (68%), North America (66%), and Europe (50%), indicating significant operational and reputational pressure on businesses in the region. In Singapore, 50% of those impacted have paid ransoms multiple times, revealing a cycle of repeated extortion.
Paying ransoms should never be the default option. While some circumstances might leave the company in a non-choice situation, we should acknowledge that it’s a downpayment on the next attack. Every dollar handed to ransomware gangs fuels their criminal economy, incentivizing them to strike again. The only real way to break the ransomware scourge is to invest in resilience, creating an option to not pay ransom.
The data suggests that repeated compliance with ransom demands may exacerbate vulnerability by encouraging further targeting from attackers.
Identity-related breaches
Identity infrastructure compromises were the most reported type of incident among Asia-Pacific organisations, with 93% experiencing such breaches. This form of attack often leads to wider system infiltrations and enables the exfiltration or manipulation of sensitive data.
Release of sensitive data as a threat
The main tactic used by ransomware attackers, according to the report, is threatening to release confidential or proprietary data. This approach was cited by 82% of organisations as a principal reason for complying with ransom demands.
Impact on leadership
Ransomware incidents in Singapore have implications beyond technological disruption. The survey reveals that 67% of Singapore-based organisations reported resignations or dismissals among C-level executives following a ransomware event. This finding highlights the considerable accountability and scrutiny at the executive level in connection with cybersecurity preparedness and incident response.
Effective governance, communication, and ongoing evaluation of cybersecurity readiness appear vital to mitigate not only operational disruption but also potential fallout in the leadership ranks.
Guidance for resilience
There is an urgent need for organizations to strengthen their overall cybersecurity posture, particularly around identity protection. Ransomware resilience around identity infrastructure, is key. As cyberattacks grow more targeted and relentless, Singapore enterprises must urgently prioritise identity-first security strategies, proactive recovery planning, and executive-level accountability to withstand the next wave of threats.
The report stresses the importance of resilience strategies that focus on identity systems and operational continuity to reduce future vulnerability.
Organisations must also rigorously assess the security of partners and supply chain vendors, as they often represent the weakest link in the cybersecurity chain. When third parties have access to sensitive systems and data, the risk of compromise significantly increases. Additionally, organizations should stay ahead of evolving ransomware tactics by conducting regular tabletop exercises to strengthen their response capabilities.
The Semperis 2025 Global Ransomware Risk Report brings attention to priority actions for organisations confronted by evolving attacks, urging stronger protective measures, and robust preparation to manage risks stemming from ransomware and associated extortion tactics.
