Singapore amongst most exposed APAC markets to API security incidents
AI-linked API attacks are the most common type across the region.
Singapore ranks amongst the most exposed APAC markets to API security incidents, according to a survey by Akamai Technologies.
The findings are based on 640 cybersecurity decision-makers across China, Japan, India, and Singapore under the cybersecurity, cloud computing, and content delivery network (CDN) company’s 2026 API Security Impact Study.
API security incidents refer to security breaches involving application programming interfaces (APIs), which connect applications, systems and data across enterprise environments.
Attacks involving APIs linked to AI technologies, including applications, agents and large language models, accounted for 43% of incidents, rising to 48% in Singapore.
Exploitation of missing or insufficient access controls was reported by 37% of organisations, including 43% in Singapore. Data breaches or leaks via APIs stood at 36% regionally and 40% in Singapore.
Exploitation of unmanaged APIs, including shadow or zombie APIs, accounted for 34% across APAC and 36% in Singapore, whilst API misconfigurations stood at 34% regionally and 32% in Singapore.
Akamai said enterprises in the region are operating expanding API estates, averaging about 6,000 APIs per organisation, with the top quartile exceeding 29,000.
However, only 22% of respondents said they have a full API inventory and know which APIs return sensitive data. In Singapore, this figure is 21%.
The study found 58% of organisations have dedicated API security personnel, whilst 40% reported using advanced security-focused API testing.
Incident exposure remained high across markets, led by India at 93%, followed by Singapore at 90%, Japan at 84%, and China at 63%.
Average incident costs were highest in Japan at $2.03m (US$1.59m), followed by Singapore at $1.7m (US$1.33m), China at $1.04m (US$817,940), and India at $635,355 (US$497,499).
The report said organisations in APAC face an average of 3.6 API security incidents annually, with more than half of affected firms reporting four or more incidents.
It added that gaps in API visibility and inventory remain a key challenge as AI adoption increases connectivity across enterprise systems, including models, data sources, and workflows.
Singapore has also seen sustained exposure to multiple forms of automated cyberattacks across digital systems, including exploit and remote access targeting, according to a LexisNexis cybercrime report.