As a regional hotspot for cybercrime, APAC grapples with a myriad of cybersecurity threats daily, fueled in part by its rapid digital transformation and geopolitical tensions.
China, the largest economy in the region, faces much the same threat landscape as the rest of the world when it comes to the techniques and strategies cybercriminals use. In fact, it is almost certain that an economic powerhouse like China will experience an exponential increase in crimes in parallel to its economic growth.
What separates China from other countries, regionally and globally, is its self-created digital ecosystem, a product of China’s approach to data sovereignty and security concerns, which enforces strict regulation of data flows over borders and across its digital economy.
Bans imposed by the Chinese government on some foreign sites have led China to develop its own internal apps and technologies, such as local payment gateways, local cloud storage, and local social communication tools.
So while attacks from outside China are seemingly restrained, that hasn’t stopped malicious actors from exploiting or leveraging China’s unique digital ecosystem to carry out attacks, for example by sending malware to an employee through China’s popular WeChat app. The employee unknowingly forwards it to a group chat of colleagues in the workplace, so everyone else gets infected, whether on their office or personal devices, particularly since people are prone to installing and using the app both for their social media activities and as a common tool for their daily operations.
Intelligence gathered by our CyberSOC in China in fact revealed a heavy concentration of internal threats, with misuse as the primary action affecting end-user devices. According to Orange Cyberdefense’s Security Navigator 2025 report, the impacted assets in China rank as follows: end user devices (28.82%), server (23.06%), cloud (16.29%), account (15.29%), multiple assets (9.02%), and network (5.26%).
As for the VERIS Actor scoping for our Chinese customers, the distribution shows internal (55.15%), followed by external (43.84%), unknown (0.29%), and partners (0.29%). Furthermore, the VERIS Action allocation for Chinese customers ranks misuse at 33.46%, followed by error (22.70%), hacking (21.78%), social (12.07%), and malware (9.19%).
Despite this, China still ranks low as the 12th most impacted country in APAC, with a victim count of 21, a decrease of 21% in cyber extortion incidents.
And although technology in China has grown fast over the past decade, the level of IT maturity, or overall security management maturity, still has room to grow: it will take at least a few more years to be on par with the maturity level of some other countries.
This is because cybersecurity and the protection of networks were not a priority for many local enterprises, or because many of them prefer to develop their own data leakage protection systems instead.
However, only in recent years have we seen more Chinese firms investing in information security while finding the balance between data compliance and cybersecurity. We are positive about this development and hope the trend will lead to a greater balance between security investment and the maturity of IT usage and adoption.
AI Adoption
In China, companies are afraid of not adopting AI, and many of them will procure the hardware and implement their own on-premises agents to build their AI solutions.
This is because they expect AI to redefine business models and increase their operational efficiency once the threshold is reached, and they do not want to miss out on adopting new technology and lose relevance or their competitive edge in the market.
While AI and GenAI have become equally accessible to threat actors and are being exploited by these cybercriminals to cause harm such as phishing, ransomware, or financial fraud, many customers are also concerned about the risk of not adopting AI across three main considerations, namely efficiency loss, opportunity loss, and marketability loss.
On the GenAI front, China is also making seismic shifts starting with the startup game-changer DeepSeek that has revolutionized the global market, followed by several more AI models that have since been developed by other Chinese startups.
While we will continue to see more groundbreaking AI innovations take off, businesses may need to contend with more enhanced threats in addition to the ones that existed before AI technology.
Conclusion
The internal nature of these threats underscores the importance of user access controls and monitoring for insider threats within an organization.
This includes regulating access to proprietary information by ensuring that the underlying data security fundamentals are in place to restrict access as appropriately required. Consistently practising existing security measures like secure development, data security and Identity & Access Management will therefore be increasingly crucial to assert authorization and privileges.
Additionally, organizations can implement training, assurance programs, and familiarization processes that minimize the potential for employees to deliberately or unintentionally reveal sensitive or confidential information to an external party via a GenAI application.
Given the different underlying technology platforms used in China, a strong national cybersecurity strategy may be required to ensure nationwide preparedness for a large-scale impact in the fight against cybercrime. Until then, companies need to beef up their resilience not only by embracing technical solutions but also cognitive defenses, in order to address constantly evolving threats as well as to safeguard and recover.
This includes taking a proactive, intelligence-driven approach to detect and mitigate hidden threats and unknown digital risks, backed by tools and an intelligence team such as the Orange Cyberdefense China CyberSOC, one of 15 centers in the world for managed detection and response operations, staffed by a 24/7 cybercrime-fighting team that provides intelligence-led security in action for an adaptive cyberdefense posture in line with China’s information security laws.
Jay Wang is the Head of Service Operations at Orange Cyberdefense China, leading a successful team in cybersecurity innovations and service delivery. With 15 years of experience in the cybersecurity industry, Jay has an extensive background as a software developer, security engineer, and security manager, and possesses rich expertise in cyber risk management, prevention, detection, and response. He firmly believes that every company needs robust cybersecurity services to safeguard their operations. In his free time, Jay enjoys hiking and cycling, finding balance for his body, mind, and soul in nature.