The Indo-Pacific region is undergoing a critical digital transformation influenced by rapid AI advancements, geopolitical shifts, and increasing cyber risks, requiring coordinated efforts to build resilience and sustainable digital capabilities. PGI's Capacity Building team explore the three key challenges we've identified.
“The question is not whether AI will influence international peace and security, but how we will shape that influence.”
United Nations Secretary-General, António Guterres
UN Security Council high-level open debate on AI – September 2025
This question carries particular weight in the Indo-Pacific, where rapid digitalisation, shifting geopolitical dynamics and accelerating advances in AI are reshaping national priorities and amplifying digital risk. As 2025 draws to a close, these forces have placed the region in a period of significant transition, with governments reassessing digital priorities, development partners recalibrating programmes and new technologies reshaping economies and public services.
Against this backdrop, the ITU World Telecommunication Development Conference (WTDC) has just concluded in Baku, where senior government officials spent two weeks examining emerging digital trends and agreeing on an international approach to global digital development for the remainder of the decade. The draft proposal for the Baku Declaration 2025 highlights how new and emerging ICTs are drivers of socio-economic prosperity and sustainable development. It also acknowledges that this combination of global challenges and rapid technology developments present unprecedented opportunities for building economic and ecological resilience. Later this week, government and industry leaders will also convene for The Sydney Dialogue, a policy summit focused on critical, emerging and cyber technologies. The rapid evolution of generative AI is expected to dominate the agenda, alongside other near-term disruptions and long-term issues that are reshaping digital ecosystems.
These end-of-year discussions, from Azerbaijan to Australia, follow a year that has felt unprecedented for the international development and technology community. Global funding priorities have shifted, AI adoption has increased and multiple conflicts have continued—contributing to rising uncertainty in regional politics, economic conditions and digital risk. Cybercrime networks also expanded their operations and state-aligned information operations are intensifying, leaving organisations across the Indo-Pacific struggling to keep pace with increasingly complex digital harms and hybrid threats.
Looking ahead to 2026 and beyond, the Indo-Pacific is expected to remain at the centre of these global dynamics. Awareness of cybersecurity and digital risk continues to grow, yet governments, critical infrastructure operators and development partners face mounting pressure to build practical, sustainable and adaptive capability in a rapidly evolving environment.
Drawing on our work at the digital coalface with government and industry partners across the region, our team has observed several consistent themes. Through our experience in areas such as digital intelligence, cybersecurity, and cyber capacity building, we have identified three of the major challenges confronting both government and private sector actors and we explore them in this article. Understanding these challenges and responding in a coordinated and context-appropriate way will be essential to strengthening the region’s digital resilience in the decade ahead.
“This is a critical moment for the globe and for the world to come together to combat cybercrime.”
Assistant Minister for Foreign Affairs and Trade of Australia, Matt Thistlethwaite
United Nations Convention Against Cybercrime Signing Ceremony - October 2025
This warning resonates strongly in the Indo-Pacific, where digital transformation, shifting geopolitical dynamics, and increasingly sophisticated cyber threats are converging at a scale that requires coordinated regional action. The region has become one of the fastest evolving digital landscapes in the world. Governments (in partnership with industry) are expanding digital identity programs, modernising public services and investing in cloud and data infrastructure. Private sector organisations across banking, telecommunications, logistics and other critical industries are accelerating digital transformation as they work to remain competitive in a rapidly changing regional economy. These developments have created new efficiencies and growth opportunities, and new vulnerabilities.
Digital systems that once operated at the edges of government and industry are now fundamental to national resilience. Critical infrastructure operators depend on interconnected technologies and real-time data. Public services increasingly rely on secure, trusted digital platforms. Small and medium enterprises are becoming more digitally enabled but often lack the resources to manage growing cyber risks.
Threat actors have adapted quickly. Cybercrime networks have expanded their activities with ransomware, online fraud and financially motivated scams affecting entire communities. State-aligned information operations are targeting public trust and political stability. The spread of AI-enabled tools has made it easier for malicious actors to automate attacksand deceive individuals or organisations at scale.
These pressures coincide with intense geopolitical competition shaping technology supply chains, data governance and national decision making. As a result, governments and industry leaders are increasingly aware that cybersecurity is not only a technical issue; it is a central pillar of economic resilience, national security and public trust. The ability to build practical and sustainable capability is now essential to navigating this turning point in the region’s digital development.
“We must address concerns related to cyber security, disinformation, and deep fakes. And, we must also ensure that technology is rooted in local ecosystems for it to be effective and useful.”
Prime Minister of India, Shri. Narendra Modi
AI Summit, Paris – February 2025
AI has already reshaped the threat landscape across the Indo-Pacific, accelerating both the scale and sophistication of malicious activity. Synthetic identities, cloned voices, tailored phishing messages and manipulated images have made deception far easier and far more scalable. Fraud operations can now be automated across languages and platforms, while deepfake-enabled impersonation is increasingly used in financial crime, social engineering and political disruption. These techniques are being adopted quickly by criminal networks and are converging with broader hybrid activities that target the integrity of information environments.
Foreign information manipulation and interference is becoming more coordinated and more sophisticated. Influence operations often involve cross-platform activity designed to amplify misleading narratives, heighten social tensions and erode trust in public institutions. Effective responses require moving beyond content moderation to examine how operations are structured, how actors coordinate across networks, and how compromised accounts, fraudulent identities and digital infrastructure are exploited.
These trends are unfolding within a wider geopolitical context in which cyberspace is used for influence, intelligence collection and disruption. The convergence of cybercrime, AI-enabled deception and geopolitical pressure is creating complex harms that governments and critical infrastructure operators must manage daily.
PGI has supported partners across the region to strengthen digital investigations, analyse FIMI activity and develop practical approaches for identifying and disrupting harmful networks. Our work helps frontline teams safeguard the systems and information environments that underpin social and economic stability.
“All ministries must treat this with the resolve of waging a war against hacking,”
Prime Minister of South Korea, Kim Min-seok
South Korean Emergency Meeting on Hacking Incidents - September 2025
Across the Indo-Pacific, governments have produced a steady stream of nationaland regionalcybersecurity strategies, digital transformation plans and sectoral roadmaps. These documents set out clear ambitions for stronger institutions, improved response capabilities and better coordination with industry and international partners. Yet, translating strategy into sustained operational capability remains difficult. Staffing shortages, budget pressures, competing priorities, overlapping mandates, and day-to-day service delivery demands can often stall progress before reforms become embedded.
AI adds further complexity as government agencies are expected to regulate emerging technologies, manage AI-related risks and establish governance frameworks at a time when their internal capacity remains limited. Decisions on procurement, data governance and technology standards have become more politically sensitive and technically demanding amid global competition and evolving regulatory expectations.
These dynamics have widened the gap between strategic intent and practical delivery. Closing this gap requires deliberate attention to coordination, institutional design and the systems that support daily operational work. Effective implementation depends on:
Progress is often strongest when high-level policy direction is reinforced with sector-specific guidance, when ministries receive targeted support to translate objectives into practical steps and when agencies coordinate with international partners to reduce regulatory fragmentation.
PGI has worked with governments and operators across the region and beyond to address these challenges. A past example includes partnering with the Malaysia Digital Economy Corporation (MDEC) and Asia Pacific University (APU) to deliver Incident Response training including a ‘Train-the-Trainer’ plan to ensure clear structures and responsibilities in place to support longer term sustainability of the training program.
“Singapore is committed to exploring growth opportunities and building talents in emerging and transformative technologies. Exploiting such technological advancements will create new possibilities across multiple domains—ranging from the digital economy to national security—allowing us to remain adaptable, secure, and future-ready.”
Deputy Prime Minister of Singapore, Heng Swee Keat
Singapore Defence Technology Summit – March 2025
Demand for cybersecurity and digital resilience expertise across the Indo-Pacific continues to rise faster than the workforce can expand, with the ICS2 2024 Global Cybersecurity Workforce Gap for Asia-Pacific coming in at over 3 million, up 26.4% YoY. Government agencies, regulators, national CSIRTs and critical infrastructure operators increasingly depend on digital systems, yet many struggle to attract and retain the specialised staff needed to secure them. Competition with the private sector is intense, with skilled professionals often drawn to global firms offering higher salaries, mobility and stronger career progression. This places sustained pressure on public institutions already managing broad mandates with constrained resources.
This challenge can be particularly acute in small and medium-sized economies where geographic dispersion, limited training infrastructure, smaller labour markets, and brain drain make it difficult to cultivate and retain a workforce with the depth and breadth required to meet national needs. The result is an uneven distribution of skills both within countries and across the region.
The rapid expansion of AI-enabled capabilities has introduced additional complexity. Workforce development is no longer focused solely on traditional cybersecurity skills. Agencies now require expertise in AI governance, secure model deployment, automated decision-making and the implications of AI for digital investigations and regulatory oversight. These demands are reshaping job roles faster than institutions can update training pathways.
Addressing this deficit requires coordinated investment across the full workforce system. Governments need short-term reskilling and upskilling programs that help existing staff adapt to emerging technologies, as well as clearly defined entry pathways that bring new talent into the sector. Sustainable approaches such as training-of-trainers models, mentoring structures, regional peer networks and governance and strategic frameworks help embed capability within institutions rather than treating skills as isolated interventions. Countries benefit most when these efforts are designed as part of an integrated system that reflects local context, strengthens existing institutions and aligns with broader national and regional digital resilience priorities.
PGI works closely with government and lead agencies such as NCSCs to diagnose and respond to training needs. Examples include the delivery of the Women in Cyber Fellowship programs, working on an Asia Pacific Telecommunity (APT) Expert Mission in Thailand to provide recommendations for talent development, and co-designing foundational workforce frameworks that all aim to build technical depth, develop clear learning pathways, and strengthen long-term capability.
“By deepening collaboration, we can better protect critical sectors, share threat intelligence and knowledge, and build a safer digital environment for the Pacific. If you want to go fast, go alone. If you want to go far, go together.”
Deputy Prime Minister of Fiji, Hon. Manoa Kamikamica
Pacific Cyber Week – August 2025
The Indo-Pacific’s rapid digitalisation offers significant opportunity, but rising cybercrime, emerging hybrid threats, implementation gaps and workforce shortages show that practical capability building remains essential. The Deputy Prime Minister’s message reflects a core truth for the region: long-term progress relies on strong institutions working in close partnership with experienced and locally engaged organisations.
As the region moves through the final years of this decade, PGI remains committed to working with partners across the Indo-Pacific to navigate these challenges and strengthen the foundations of secure, prosperous and digitally resilient societies.
Talk to us to find out more.
Boards and executives play a defining role in setting culture, governance, and accountability for their organisations and part of that is digital resilience.
Recent high-profile cyberattacks, including those affecting Jaguar and Heathrow, have highlighted a critical truth: cyberattacks don’t just impact the targeted organisation—they can ripple through the entire supply chain.
Building cyber resilience across the electoral cycleFrom biometric voter registration to real-time result dashboards, digital systems are increasingly underpinning every stage of the electoral process.
