Singapore leads world in ransomware-linked regulatory threats

This figure compares to 47% across nine other major economies.

Singapore organisations are the most frequent targets of regulatory extortion tactics by cybercriminals, according to new findings from cybersecurity firm Semperis.

In its 2025 Global Ransomware Risk Report, 66% of Singapore-based respondents reported being threatened with regulatory complaints if they did not report cyber incidents — the highest rate globally.

This figure compares to 47% across nine other major economies, including the United States, the United Kingdom, Germany, and Australia.

The report also found 85% of affected organisations in the Asia-Pacific region had paid ransoms to restore systems or prevent data leaks.

In Singapore specifically, 50% of those impacted reported making multiple ransom payments, suggesting ongoing challenges in containing threats and preventing recurrence.

Semperis noted that this rate of payment exceeds that of other regions — including the UK (68%), North America (66%), and Europe (50%).

Cyberattacks on identity infrastructure — such as Active Directory and cloud-based identity platforms — were cited as a leading attack vector. 93% of Asia-Pacific organisations experienced identity-related breaches over the past year, significantly more than other forms of compromise.

Beyond technical disruptions, the report indicated that ransomware incidents have contributed to leadership changes. In Singapore, 67% of respondents said that a cyberattack led to the resignation or dismissal of senior executives.