Abnormal Security, the leader in AI-native human behaviour security, released new data that showcases how the Asia-Pacific (APAC) region has become a hotbed for advanced email threats. The findings reveal a marked increase in advanced email attacks, including phishing and business email compromise (BEC), targeting organisations across Australia, New Zealand, Japan, and Singapore between January 2023 and December 2024.

“The surge in attack volume across the APAC region can likely be attributed to several factors, including the strategic significance of its countries as epicentres for trade, finance, and defence”

The data is based on an analysis of advanced email attack trends observed across Abnormal customers, including an analysis of traditional BEC attacks like executive impersonation and payment fraud, as well as credential phishing and malware.

Marketing Technology News: MarTech Interview with Kelly Hopping, CMO @ Demandbase

According to the data, between 2023 and 2024, the median monthly rate of advanced email attacks in the APAC region surged by 26.9%, climbing from 472 attacks per 1,000 mailboxes to 600. Notably, attack volumes increased quarter on quarter in 2024, with a 16% rise between Q1 and Q2 and a 20% escalation from Q2 to Q3.

Out of all advanced email attacks, phishing – often the entry point for larger, more sophisticated attacks – rose most significantly across the APAC region, with a 30.5% year-over-year increase in incidents. The impact varied regionally, with phishing attacks in Japan and Singapore spiking by 37%, while Australia and New Zealand experienced a slightly smaller but still significant 30% increase.

While phishing attacks dominated in volume, BEC attacks also grew by 6% year-over-year in the APAC region. Despite seeing a significantly lower growth rate as compared to phishing, the rising prevalence of BEC is notable. Known for their precision and high financial impact – with average losses exceeding $137,000 per successful attack, and global losses totalling $2.9 billion in 2023 – growing rates of BEC underscore a critical need for robust defences.

Marketing Technology News: How DAM Platforms are Evolving Today – Impact of AI in Digital Asset Management

Unlike phishing, BEC attacks rely on social engineering rather than technical exploits, often evading traditional security measures. This makes employees the last line of defence, emphasising the need for advanced solutions that neutralise these threats in real-time.

“The surge in attack volume across the APAC region can likely be attributed to several factors, including the strategic significance of its countries as epicentres for trade, finance, and defence,” said Tim Bentley, Vice President of APJ at Abnormal Security. “This makes organisations in the region attractive targets for complex email campaigns designed to exploit economic dynamics, disrupt essential industries, and steal sensitive data.”

Bentley continued, “As sophisticated email-based threats continue to rise, businesses in the APAC region must evolve their defences, including investing in intelligent security solutions that can precisely detect and block attacks before they land in employee inboxes.”