232 views
Photo by Moritz Erken via Unsplash

Singapore amongst most exposed APAC markets to API security incidents

AI-linked API attacks are the most common type across the region.

Singapore ranks amongst the most exposed APAC markets to API security incidents, according to a survey by Akamai Technologies.

The findings are based on 640 cybersecurity decision-makers across China, Japan, India, and Singapore under the cybersecurity, cloud computing, and content delivery network (CDN) company’s 2026 API Security Impact Study.

API security incidents refer to security breaches involving application programming interfaces (APIs), which connect applications, systems and data across enterprise environments.

Attacks involving APIs linked to AI technologies, including applications, agents and large language models, accounted for 43% of incidents, rising to 48% in Singapore.

Exploitation of missing or insufficient access controls was reported by 37% of organisations, including 43% in Singapore. Data breaches or leaks via APIs stood at 36% regionally and 40% in Singapore.

Exploitation of unmanaged APIs, including shadow or zombie APIs, accounted for 34% across APAC and 36% in Singapore, whilst API misconfigurations stood at 34% regionally and 32% in Singapore.

Akamai said enterprises in the region are operating expanding API estates, averaging about 6,000 APIs per organisation, with the top quartile exceeding 29,000.

However, only 22% of respondents said they have a full API inventory and know which APIs return sensitive data. In Singapore, this figure is 21%.

The study found 58% of organisations have dedicated API security personnel, whilst 40% reported using advanced security-focused API testing.

Incident exposure remained high across markets, led by India at 93%, followed by Singapore at 90%, Japan at 84%, and China at 63%.

Average incident costs were highest in Japan at $2.03m (US$1.59m), followed by Singapore at $1.7m (US$1.33m), China at $1.04m (US$817,940), and India at $635,355 (US$497,499).

The report said organisations in APAC face an average of 3.6 API security incidents annually, with more than half of affected firms reporting four or more incidents.

It added that gaps in API visibility and inventory remain a key challenge as AI adoption increases connectivity across enterprise systems, including models, data sources, and workflows.

Singapore has also seen sustained exposure to multiple forms of automated cyberattacks across digital systems, including exploit and remote access targeting, according to a LexisNexis cybercrime report.

Join Singapore Business Review community
A NOTE FROM SINGAPORE BUSINESS REVIEW

The people you want to reach are already in this room.

Every quarter, SBR lands on the desks of the founders, CFOs, and directors running Asia's most consequential companies. Every day, they open our newsletter and read our website. It's a room that took twenty years to build — and it's the one most of our partners are trying to get into.

The good news is that the door is open. We work with companies on thought leadership articles, sponsored content, industry summits across Southeast Asia, regional awards programmes, podcasts, and media placements in print and digital. The shape of the right partnership depends on what you're trying to do, which is why we'd rather start with a conversation than send a rate card.


If you have something this room should know about, tell us. We'll tell you honestly whether we can help, and how.

No rate cards until we understand the brief. It's a better use of everyone's time.