A Strategic Plan for Enhancing Cybersecurity in Southeast Asia: 2025-2034

I. Executive Summary

Southeast Asia faces an increasingly complex and rapidly evolving cybersecurity landscape. Cyber-enabled crimes, particularly large-scale cyber scam operations, have reached unprecedented levels, intertwining with illicit financial flows. The pervasive role of technology, including artificial intelligence (AI), virtual assets, and real-time payments, along with systemic corruption, acts as a cross-cutting enabler, accelerating the scale and sophistication of criminal activities. Furthermore, geopolitical shifts within and beyond the region complicate security dynamics, creating vulnerabilities that criminal networks exploit.

The next decade necessitates a proactive, adaptive, and comprehensive regional cybersecurity strategy. This plan proposes five interconnected strategic pillars designed to guide regional efforts, policy development, and operational priorities for 2025-2034. These pillars include strengthening intelligence and foresight, bolstering law enforcement and judicial capacities, advancing cyber resilience, prioritizing victim protection, and deepening strategic partnerships. Success will hinge on enhanced inter-agency and cross-sectoral collaboration, continuous innovation in response mechanisms, and a human-centric approach to combating exploitation, ensuring a secure and stable digital Southeast Asia for all its peoples.

II. Introduction: Strategic Context and Mandate

This document outlines a forward-looking strategic plan for the Association of Southeast Asian Nations (ASEAN) in enhancing cybersecurity for the period 2025-2034. Its purpose is to guide regional efforts, policy development, and operational priorities to effectively address the evolving nature of cybercrime and cyber-enabled transnational crimes, thereby ensuring a secure and stable digital Southeast Asia. The scope encompasses a comprehensive range of cyber threats, from established challenges to emerging digital risks, and emphasizes the need for an integrated regional response.

The current ASEAN Plan of Action in Combating Transnational Crime (2016-2025) has served as a foundational framework, guiding cooperation among ASEAN Member States, including in the area of cybercrime.¹ Adopted in Manila in 2017, this plan built upon earlier declarations and initiatives, including the 2015 Kuala Lumpur Declaration, which notably acknowledged the emergence of new forms of transnational crime.¹ The forthcoming 2025-2034 plan will build upon the achievements and lessons learned from the cybercrime components of the 2016-2025 Plan of Action, while dynamically adapting to the significantly altered digital threat landscape.

The imperative for a renewed regional strategy in a dynamic global environment is clear. The 18th ASEAN Ministerial Meeting on Transnational Crime (AMMTC) in June 2024 explicitly welcomed the progress of the review of priority areas of AMMTC by the Senior Officials Meeting on Transnational Crime (SOMTC) in view of the final review of the 2016-2025 Plan of Action and, critically, “the development of a renewed PoA”.² This directly mandates the creation of this 2025-2034 plan. The global and regional environments are characterized by rapid technological advancements, increasing geopolitical instability, and the opportunistic, poly-criminal nature of transnational criminal networks, particularly in the digital realm.³ These factors necessitate a strategic shift from reactive measures to a more proactive, intelligence-led, and technologically adept approach to safeguard the stability and well-being of ASEAN Member States and the region.¹

III. Review of the 2016-2025 ASEAN Plan of Action: Achievements, Challenges, and Lessons Learned

The 2016-2025 ASEAN Plan of Action focused on eight core areas, including cybercrime.¹ A review of its implementation reveals both notable progress and persistent challenges in the cybersecurity domain.

Assessment of Progress in Core Crime Areas

The 17th AMMTC in August 2023 and the 18th AMMTC in June 2024 reaffirmed the collective resolve and commitment to implement the Plan of Action, noting progress in the SOMTC Work Programme.² A specific working group, the Working Group on Cybercrime (WG on CC), has been established under SOMTC.¹ The ASEANAPOL Secretariat, responsible for preventive, enforcement, and operational aspects, has been actively involved in sharing knowledge and expertise on policing, enforcement, law, and criminal justice. It has also taken initiatives against “new forms” of crime, such as fraudulent travel documents and phantom ship frauds, demonstrating a continuous adaptation to evolving criminal methodologies.⁶

Effectiveness of Existing Regional Mechanisms (AMMTC, SOMTC, Working Groups)

The AMMTC and SOMTC have successfully cultivated strong ties and engaged positively with ASEAN Dialogue Partners, evolving into AMMTC/SOMTC Plus Dialogue Partners Consultations.¹ This external engagement is crucial for capacity building and intelligence sharing, allowing for broader international cooperation in combating transnational crime, including cybercrime.⁷ To streamline cooperation and engagement, guidelines for external party engagement and for Timor-Leste’s observer status have been adopted.⁵ Furthermore, the adoption of the Vientiane Declaration on Enhancing Law Enforcement Cooperation Against Online Job Scams in 2024 demonstrates a commitment to enhance operational effectiveness and address specific emerging cyber threats.² The extension of the SOMTC Work Programme (2022-2024) to 2025, aligning it with the remaining implementation period of the Plan of Action, indicates a desire for synchronization and full implementation of existing commitments.²

Identification of Persistent Gaps and Areas Requiring Enhanced Focus

Despite existing strategies like the ASEAN Cybersecurity Cooperation Strategy 2021–2025 and the establishment of the ASEAN Regional Computer Emergency Response Team (ASEAN CERT), the number of cyberattacks continues to grow. Southeast Asia experienced a doubling of cyberattacks in 2024 compared to 2023.⁹ This suggests that current measures, while in place, are insufficient to keep pace with the rapidly evolving digital threat.

The review of ASEANAPOL’s core crime areas in March 2025 highlights the ongoing need to ensure their relevance and alignment with global policing strategies, including those related to cybercrime.¹¹ This implies that existing definitions and priorities may not fully capture the dynamic nature of cybercrime, necessitating continuous adaptation.

A critical observation from the review is what can be termed the “adaptive lag” in regional response. While ASEAN mechanisms do adapt by recognizing new crime types and establishing specific working groups—for instance, acknowledging “new forms of transnational crime” in 2015 and later addressing “Online Job Scams” in 2024 ¹—there appears to be a delay between the emergence of a threat and the full operationalization of effective countermeasures. The doubling of cyberattacks in 2024 despite existing cybersecurity strategies ⁹ clearly illustrates this gap. This suggests that the next Plan of Action (2025-2034) must embed mechanisms for proactive threat anticipation and rapid strategic adaptation, rather than merely reactive adjustments. This requires continuous intelligence gathering, horizon scanning, and flexible policy frameworks that can quickly pivot to address novel criminal methodologies.

Another significant observation is the pervasive challenge of internal corruption and its impact on operational effectiveness. The success of cybercrime syndicates is attributed in part to their ability to “exploit political and business shifts, [and] take advantage of regulatory gaps”.¹² This indicates that corruption is not merely an isolated issue but a systemic vulnerability that actively undermines the effectiveness of anti-crime measures across multiple domains, including cybersecurity. It creates regulatory gaps and operational blind spots that criminal networks exploit. Therefore, a truly effective plan for 2025-2034 cannot solely focus on criminal activities but must integrate robust anti-corruption strategies as a foundational element. Without addressing this internal enabler, external efforts may remain significantly hampered.

IV. The Evolving Cybersecurity Landscape (2025-2034): Emerging Threats and Trends

The cybersecurity landscape in Southeast Asia is undergoing a profound transformation, driven by rapid technological advancements, geopolitical shifts, and the increasing convergence of different criminal activities.

Digital and Cyber-Enabled Crimes

Transnational organized crime in Southeast Asia has reached unprecedented levels, primarily driven by a surge in large-scale cyber scam operations.¹² These operations are run by sophisticated syndicates that have built vast cybercrime centers, powered by interconnected networks of money launderers, human traffickers, and data brokers.¹² These syndicates have become global leaders in cyber fraud, underground banking, and money laundering.¹² The Vientiane Declaration on Enhancing Law Enforcement Cooperation Against Online Job Scams, adopted in 2024, specifically addresses this critical threat.²

The success of these criminal networks is attributed to their rapid deployment of advanced technologies, including AI-powered infrastructure.¹² The Global Financial and Economic Crime Outlook 2025 highlights that virtual assets, Decentralized Finance (DeFi), AI, and machine learning are fundamentally changing both the methods used to perpetrate financial crimes and the tools available to counter them.¹³ Cybercriminals in the Asia-Pacific region are increasingly using generative AI, with a staggering 1,530% surge in deepfakes between 2022 and 2023.⁹

Cyberattacks on Southeast Asia doubled in 2024 compared to 2023, with Vietnam, Thailand, the Philippines, Singapore, Indonesia, and Malaysia being among the most targeted countries.⁹ Manufacturing companies, government institutions, and financial organizations are the most frequently targeted sectors; in Singapore, IT companies are top targets, likely due to the country’s status as a global tech hub.⁹ There is an anticipated rise in QR code scams, which can lead users to download malware or redirect them to malicious websites.⁹ Malware remains the most common attack method, followed by social engineering and vulnerability exploitation.⁹ Small and medium-sized businesses are particularly vulnerable due to insufficient cybersecurity measures.⁹ Positive Technologies predicts a continued rise in cyberattacks targeting ASEAN countries, with a likely shift in focus towards the Philippines due to upcoming presidential elections and increased hacktivist activity. Attacks on cryptocurrency asset holders in the Philippines and Singapore are also expected to increase.⁹

Cyber-Enabled Financial and Economic Crimes

Financial crime is growing rapidly, with cybercrime alone causing over $16 billion in losses in 2024.¹⁴ Organized crime groups, mainly from East and Southeast Asia, are behind many scams, generating almost $40 billion annually from romance scams, fake crypto schemes, and illegal gambling.¹⁴ Illicit money flows through global systems are projected to hit between $4.5 trillion and $6 trillion by 2030.¹³

Real-Time/Faster Payments Fraud is now the top threat, making up over 50% of major financial crime concerns.¹⁴ Fraudsters exploit the speed of instant payment platforms and crypto apps, often completing scams before traditional systems can intervene.¹⁴ Online illicit marketplaces like Huione Guarantee, now rebranded as Haowang Guarantee, have processed tens of billions of dollars in cryptocurrency transactions since 2021, serving as a “one-stop shop” for cybercriminals to launder money and bypass sanctions.¹² Corruption is identified as a key enabler of financial and economic crimes, permeating every stage of illicit supply chains, from fraudulent licensing to trade misinvoicing and money laundering.¹⁵

Digital Aspects of Radicalization, Violent Extremism, and Terrorism

The rapid integration of digital technologies and high social media usage among youth in South and Southeast Asia increases the risk of exposure to online terrorist content produced by terrorist and violent extremist groups.¹⁷ Law enforcement and counter-terrorism agencies are increasingly pressed to adapt to these transformations in criminal and terrorist activities and their investigations.¹⁷

There is growing interest in exploring the transformative potential of AI to counter online terrorism by processing vast amounts of data and uncovering patterns.¹⁷ However, the technological readiness and experience with AI in regional law enforcement and counter-terrorism agencies are likely limited, suggesting that current reports on AI use are introductory in nature.¹⁷

Cyber Aspects of Non-Traditional Maritime Security Issues

Critical maritime infrastructure, such as subsea cables, which carry 99% of global data traffic, are vulnerable to frequent breaches—mostly natural, but sometimes intentional—that can take weeks or months to fix.¹⁸ Southeast Asian governments recognize these risks.¹⁸

State- and non-state maritime cyberattacks targeting ships and ports have significantly increased, with a single major coordinated attack on Asian ports potentially resulting in over $100 billion in losses.¹⁸ Levels of expertise and threat detection remain uneven across the region, and the sophistication of attacks is growing, with attackers increasingly able to bypass controls in sensitive networks.¹⁸

Cross-Cutting Enablers: The Pervasive Role of Technology, Corruption, and Geopolitical Instability

Digital technologies, AI, virtual assets, and real-time payment systems are not only transforming the methods of crime but also the tools available to counter them.⁴ Cybercriminals exploit these advancements for scale, speed, and anonymity, while law enforcement agencies struggle to keep pace.

Corruption is identified as a key enabler across various cyber-enabled crimes, from online scams to illicit financial flows.¹⁹ It undermines governance, creates regulatory gaps, and facilitates criminal operations, allowing networks to flourish.

Geopolitical instability, such as the civil war in Myanmar, directly fuels the growth of illicit trades, which then leverage digital tools for their operations.²⁰ Broader geopolitical shifts and economic protectionism are reshaping enforcement agendas globally.⁴ This instability creates vulnerabilities that criminal networks exploit, contributing to a “spillover effect” where operations shift in response to crackdowns.¹²

A significant observation emerging from the analysis of the evolving landscape is the “digital convergence” of transnational crime. The traditional silos of transnational crime—such as drug trafficking, human trafficking, cybercrime, and financial crime—are dissolving. Digital technologies are the common thread, enabling a “digital convergence” where different criminal specializations merge into highly efficient, multi-faceted operations. For example, cyber scam operations are run by syndicates that are “interconnected networks of money launderers, human traffickers, data brokers”.¹² Drug traffickers are leveraging “digital tools and emerging technologies,” and there is a “growing convergence between trafficking organized crime groups and those offering services such as underground banking”.²⁰ Financial crime is heavily reliant on “virtual assets, DeFi, AI, and machine learning” ¹³, and online illicit marketplaces facilitate “cybercriminals to obtain fraud tools, launder money and bypass sanctions”.¹² This means a single criminal enterprise might be involved in human trafficking for scam centers, illicit drug trade, and money laundering through cryptocurrency, all facilitated by AI and online platforms. This interconnectedness implies that a siloed approach to combating TNCs is increasingly ineffective. The 2025-2034 plan must adopt a holistic, intelligence-led approach that recognizes and targets these converged criminal ecosystems. This requires enhanced cross-agency and cross-border collaboration, not just within specific crime areas but across the entire spectrum of TNCs, focusing on the digital infrastructure and financial flows that enable them.

Another critical observation is the “capacity-sophistication gap” in regional response. Criminal networks are “rapidly deploy[ing] advanced technologies, including AI-powered infrastructure” ¹², and AI “accelerate[s] crime and provide[s] criminal networks with entirely new capabilities”.⁴ This places law enforcement and counter-terrorism agencies under increasing pressure “to adapt to transformations in criminal and terrorist activities”.¹⁷ However, a UNICRI report on AI for counter-terrorism is “introductory in nature” due to “limited publicly available information on the technological readiness of law enforcement and counter-terrorism agencies in these regions, which likely indicates limited experience with AI”.¹⁷ Similarly, in maritime cyberattacks, “levels of expertise and threat detection remain uneven across the region”.¹⁸ This indicates a significant and growing disparity between the rapid technological sophistication of criminal networks (especially in AI, virtual assets, and cyber operations) and the current capacity and readiness of regional law enforcement and counter-crime agencies to effectively counter these advancements. This “capacity-sophistication gap” represents a critical vulnerability. Therefore, the 2025-2034 plan must prioritize massive, coordinated investments in technological capacity building for law enforcement. This includes not only acquiring advanced tools (AI, digital forensics, blockchain analysis) but also, crucially, developing human expertise through specialized training, fostering a culture of technological adoption, and establishing regional centers of excellence to bridge this gap. Without this, the region risks being perpetually outmaneuvered by criminal innovation.

A third important observation is the “spillover effect” and the consequent need for a truly integrated regional enforcement strategy. Criminal groups are “shifting operations across Southeast Asia in response to crackdowns in special economic zones and border areas in Cambodia, Laos, Myanmar and the Philippines. This has led to a regional ‘spillover’ effect, allowing networks to move resources and operations with ease”.¹² A UNODC representative noted that this phenomenon “spreads like a cancer… Authorities treat it in one area, but the roots never disappear; they simply migrate”.¹² This illustrates that national-level crackdowns, while important, are insufficient if not part of a coordinated regional strategy. Cybercriminal networks exploit the porous borders and varying enforcement capacities within the “connected ecosystem” of Southeast Asia to simply relocate their operations. Thus, the 2025-2034 plan must move beyond bilateral cooperation or isolated national efforts. It requires a truly integrated, real-time regional enforcement strategy that includes shared intelligence, coordinated cross-border operations, harmonized legal frameworks to prevent forum shopping by criminals, and joint capacity-building initiatives that address the “spillover” phenomenon head-on. This necessitates a higher degree of trust and operational interoperability among ASEAN member states.

V. Strategic Pillars for 2025-2034: A Comprehensive Regional Response

The strategic response for 2025-2034 must be dynamic, comprehensive, and built upon five interconnected pillars to effectively counter the evolving cybersecurity landscape.

Pillar 1: Strengthening Intelligence, Information Sharing, and Foresight

Given the opportunistic and poly-criminal nature of cybercriminal networks ³ and the rapid evolution of digital threats ⁴, a robust intelligence infrastructure is paramount. This involves establishing regional intelligence fusion centers, leveraging AI and big data analytics to process vast amounts of information, identify patterns, and generate predictive insights into emerging cybercrime trends, modi operandi, and hotspots.⁴ The goal is to transition from reactive responses to proactive interventions.

The INTERPOL Asia meeting in 2023 emphasized the need for “more data, faster results” and strengthening the exchange of actionable intelligence via INTERPOL channels, particularly for cybercrimes like social engineering fraud.⁸ The new plan must prioritize enhancing secure and timely cross-border data exchange mechanisms, including biometric capabilities, to facilitate cyber investigations and interdictions.⁸ This will directly address challenges related to sharing intelligence between numerous departments and agencies involved in cybersecurity.³

Building on the review of AMMTC priority areas for a renewed Plan of Action ² and ASEANAPOL’s ongoing review of core crime areas ¹¹, a continuous cyber threat assessment mechanism must be institutionalized. This includes regular horizon scanning reports that identify nascent cybercriminal trends, technological exploitation (e.g., new uses of AI, IoT, cryptocurrency in attacks), and geopolitical vulnerabilities that could impact regional cybersecurity, ensuring the plan remains agile and relevant throughout its ten-year span.¹⁰

Pillar 2: Bolstering Law Enforcement, Judicial, and Regulatory Capacities

Given the massive scale of money laundering, projected to reach $4.5-$6 trillion by 2030 ¹³, and the widespread use of virtual assets and underground banking by cybercriminals ²⁰, strengthening financial investigation capabilities for cybercrime proceeds is paramount. This includes enhancing the use of financial intelligence, fostering collaboration with anti-money laundering authorities, and deploying advanced tools for asset tracing and recovery.¹⁵ The INTERPOL Silver Notice, piloted in 2024, is a relevant tool for identifying and tracing stolen assets from cybercrimes, which can be adopted and scaled across the region.²¹

The pervasive issue of corruption and official complicity ¹⁹ requires dedicated efforts, particularly where it facilitates cybercriminal operations. This includes proactive investigation and prosecution of complicit officials, seeking adequate penalties, and strengthening integrity within law enforcement agencies involved in cybersecurity.¹⁹ Enhancing mutual legal assistance in criminal matters is crucial for effective cross-border cyber investigations and prosecutions, building on existing frameworks.¹

The increasing sophistication of AI-enabled cybercrime ⁹ necessitates specialized training and expertise. This includes digital forensics, blockchain analysis, and AI-driven investigative tools for cybercrime.⁸

The 2023 US Strategy on Transnational Organized Crime outlines goals to better understand the current position against TOC, explore new data sources, and enhance targeting and prosecuting of TOC actors by coordinating across departments and agencies.³ This framework can be adapted for ASEAN, focusing on strengthening task forces and fusion centers dedicated to cybercrime, and facilitating the sharing of tactical and operational information to support complex cyber investigations.³

Pillar 3: Advancing Cyber Resilience and Digital Security

Despite existing strategies like the ASEAN Cybersecurity Cooperation Strategy 2021–2025, cyberattacks are increasing, with Southeast Asia experiencing a doubling of incidents in 2024.⁹ The new plan must focus on developing more robust, adaptive regional cybersecurity frameworks that can keep pace with this escalating threat and the growing sophistication of attacks.¹⁸ This includes enhancing the capabilities of the ASEAN Regional Computer Emergency Response Team (ASEAN CERT) and establishing standardized incident response protocols across member states.¹⁰

The vulnerability of critical digital infrastructure, such as subsea cables ¹⁸, and the targeting of IT companies ⁹ highlight the need for strong public-private partnerships. Governments must collaborate with the private sector (e.g., telecommunications, financial institutions, tech companies) to enhance the security of critical information infrastructure, share threat intelligence, and jointly develop defensive measures.

With the surge in AI-generated deepfakes and the use of AI in cyber scam operations ⁹, the plan must explicitly address countering AI-driven criminal methodologies. This involves investing in AI-powered defense mechanisms ¹⁴, developing capabilities to detect AI-generated illicit content, and fostering research into adversarial AI techniques to stay ahead of criminal innovation.

Small and medium-sized businesses are particularly vulnerable due to insufficient cybersecurity measures.⁹ Individuals are also frequently targeted, often through social engineering and QR code scams.⁹ Comprehensive public awareness campaigns and targeted cybersecurity training for businesses are crucial to mitigate risks stemming from human error and exploited vulnerabilities.

Table 2: Regional Cybersecurity Readiness and Priority Areas for Investment (2025-2034)

Category	Current Readiness (2024/2025)	Key Cybercrime Trends	Priority Areas for Investment (2025-2034)	Anticipated Challenges
Readiness & Frameworks	ASEAN Cybersecurity Cooperation Strategy 2021-2025; ASEAN CERT established; Most ASEAN countries “Role-modelling” or “Advancing” in 2024 Global Cybersecurity Index 10; Uneven expertise/threat detection in maritime cyber 18; Limited AI experience in CT agencies 17	Doubling of attacks 2023-2024 9; AI/deepfake surge (1,530% 2022-2023) 9; QR code scams 9; Targeting of manufacturing, government, finance, IT 9; Mobile device targeting 9; Ransomware/RATs, banking trojans 10	Develop more robust, adaptive regional cybersecurity frameworks; Enhance ASEAN CERT capabilities; Establish standardized incident response protocols 10	Rapid criminal adaptation; Capacity-sophistication gap; Regulatory fragmentation; “Spillover effect” 4
Technology & Tools	Basic risk checks insufficient for volatile markets 13; Traditional systems slow to stop real-time fraud 14	Industrial-scale cyber scams leveraging AI-powered infrastructure 12; Use of virtual assets/DeFi 13; Online illicit marketplaces for fraud tools/money laundering 12	Invest in AI-powered defense mechanisms 14; Deploy digital forensics tools; Implement blockchain analysis capabilities; Integrate SIEM/XDR/NTA systems 8	High cost of advanced technologies; Integration complexities; Talent retention
Human Capacity & Awareness	Small/medium businesses vulnerable due to insufficient cybersecurity 9; Individuals targeted via social engineering 9	Personal data (34%) and trade secrets (26%) most stolen 9; Primary entry points: computers, servers, network equipment 9	Specialized training for law enforcement in AI-enabled crime, digital forensics; Foster public-private partnerships for securing digital infrastructure; Raise public and business cybersecurity awareness 9	Shortage of skilled cybersecurity professionals; Difficulty in changing human behavior
Strategic Focus	Focus on specific crime types (e.g., online job scams) 2	Shift in focus towards Philippines (elections, hacktivists) and Singapore (crypto) 9	Prioritize cyber resilience by identifying critical assets; Define non-tolerable events; Proactive threat anticipation 9; Cross-sectoral and multi-layered approach 18	Geopolitical complexities impacting collaboration; Balancing security with digital economic growth

This table systematically maps the current state of cybersecurity readiness and specific trends against necessary future investments. By highlighting where current defenses are falling short and where resources are most urgently needed, the table provides a clear roadmap for policymakers to prioritize funding and initiatives. It emphasizes the need for a multi-faceted approach, from technology acquisition to human capacity development and public awareness. This structured approach can serve as a baseline for future monitoring and evaluation, allowing stakeholders to track progress against identified priority areas and adjust strategies as the threat landscape continues to evolve.

Pillar 4: Prioritizing Victim Protection and Human-Centric Approaches

The development of a Transnational Referral Mechanism in collaboration with regional foreign governments is already in progress, which can be adapted for victims of cyber scams.¹⁹ This mechanism must be fully operationalized and expanded to ensure seamless identification, rescue, and repatriation of victims, particularly those trafficked and exploited in cyber scam operations.¹⁹ The guidelines for implementation should explicitly address the challenges of inconsistent interviewing practices and shelter requirements that currently deter victims from reporting their exploitation.¹⁹

Beyond immediate rescue, victims of cyber-enabled exploitation require comprehensive support, including psychological care, legal assistance, and safe reintegration into society.¹⁹ Services must be victim-centered, addressing vulnerabilities such as outstanding debts, lack of family support, and mental health issues.²² This requires investing in specialized shelters, witness assistance programs (like Thailand’s OAG initiative, which provided services to 33 trafficking victims in 2023 ¹⁹), and long-term rehabilitation programs.

The plan must ensure that all counter-crime measures, including those leveraging AI, are human rights-compliant.¹⁷ This means safeguarding privacy, ensuring due process, and preventing the inappropriate penalization of victims for unlawful acts committed as a direct result of their exploitation in cyber scam compounds.¹⁹

Proactive preventive measures targeting vulnerable communities, such as those with low education or economic hardship ²², are essential. This includes regulating recruitment agencies to prevent debt-based coercion ²² and raising widespread awareness about the risks of online scams and forced labor in scam compounds.

Pillar 5: Deepening Strategic Partnerships and Cross-Sectoral Collaboration

ASEAN’s strong ties with Dialogue Partners ¹ and international organizations like UNODC, INTERPOL, and Europol must be further deepened for cybersecurity. This includes leveraging their expertise, intelligence reports ²¹, and capacity-building initiatives.⁷ Collaborative efforts against cyber-enabled financial crime, money laundering, and terrorist financing with the Financial Action Task Force (FATF), INTERPOL, and UNODC are critical.²¹

The “spillover effect” of cybercriminal operations, where crackdowns in one area lead to relocation to another ¹², necessitates enhanced coordination across all AMMTC subsidiary mechanisms (SOMTC, DGICM, Working Groups) and between different government agencies within member states.³ This includes improving inter-agency coordination between cybersecurity agencies, law enforcement, and financial intelligence units. The adoption of Guidelines on Effective Coordination for Focal Points of AMMTC and its subsidiary mechanisms in 2024 ² is a positive step that requires robust implementation.

A whole-of-society approach is essential. Civil society organizations play a critical role in victim identification, protection, and rehabilitation for cyber-enabled exploitation. The private sector, particularly financial institutions and tech companies, are key partners in combating cybercrime, illicit financial flows, and securing digital infrastructure.¹⁴ Engaging them in prevention, intelligence sharing, and developing innovative solutions is crucial.

Table 3: Current and Proposed International Cooperation Initiatives and Focus Areas (Cybersecurity-focused)

Partner/Organization	Current/Past Initiatives (2016-2025)	Proposed Focus Areas (2025-2034)	Specific Examples of Cooperation
ASEAN Dialogue Partners	AMMTC/SOMTC Plus Consultations 1; Bilateral/multilateral capacity building; Joint statements/declarations 1	Joint cyber intelligence fusion centers; Coordinated cross-border cyber operations; Harmonized legal frameworks for cybercrime; Joint capacity building in advanced cybersecurity technologies	Biometric data exchange for cyber investigations 8; Transnational Referral Mechanism for cyber scam victims 19; Combating online job scams 2; Mutual legal assistance for cybercrime 1
UNODC	Reports on cybercrime, human trafficking for scam operations 20; Technical assistance; Collaboration on financial crime 21	Enhanced data collection & analysis on AI-enabled cybercrime; Support for regional digital forensic capabilities; Development of best practices for tracing illicit financial flows from cybercrime 15	Joint assessments of cybercrime trends; Support for regional anti-money laundering initiatives targeting cyber proceeds; Capacity building for cybercrime investigations 2
INTERPOL	Operations (e.g., Operation Haechi-III against social engineering fraud) 8; Global databases (125M+ records) 8; Global Complex for Innovation (Singapore) 8; Silver Notice pilot (2024) 21	Strengthened biometric data exchange for cyber investigations; Advance regional law enforcement capacity through emerging technologies (digital forensics, AI in cybercrime) 8; Disrupting criminal finances from cybercrime 21	Real-time cyber intelligence sharing; Coordinated arrests of cybercriminals; Asset tracing and recovery from cyber-enabled fraud; Training on cybercrime and digital forensics 8
Europol	EU-SOCTA 2025 threat assessment highlighting online crime 4; Support for dismantling online fraud networks 12	Intelligence sharing on serious and organized cybercrime; Collaboration on cross-border cyber investigations; Strategic and technological adaptation to evolving cyber threats 4	Joint operational planning against cyber syndicates; Exchange of expertise on cybercrime analysis and victim protection for cyber scams 4
Australia	ASEAN-Australia Vision Statement; Melbourne Declaration (2024) 7; $64M investment (2024-2028) for maritime law enforcement/border patrols 7	Expanded pragmatic defense cooperation (maritime cyber security focus); Capacity building in maritime cyber security; Dialogue on strategic cognition related to cyber threats 7	ReCAAP support for piracy/armed robbery (including cyber aspects); Joint exercises for maritime domain awareness (including cyber threats to CUI); Dialogue on strategic cognition 7
UNICRI/UNCCT	Joint report on AI for countering terrorism online 17; Report on crimes associated with critical minerals (highlights corruption as enabler) 15	Continued research on AI applications in counter-terrorism (online radicalization); Support for responsible AI usage in cybersecurity; Enhanced integrity/sustainability in critical mineral supply chains (addressing cyber-enabled illicit flows) 15	Expert-level workshops on AI in cybersecurity; Development of guidelines for AI deployment in law enforcement; Technical assistance on traceability technologies (for cyber-enabled illicit trade) 15

This table systematically maps existing and potential external partners and their contributions, highlighting opportunities to leverage their expertise, resources, and global networks for cybersecurity. It ensures that proposed cooperation initiatives are aligned with the strategic pillars and address the most pressing cyber threats identified in the evolving landscape section. By listing current initiatives and proposed focus areas, the table allows for a clear identification of gaps in cooperation and helps optimize future engagements to maximize impact and avoid duplication of efforts. It also highlights areas where pragmatic cooperation can proceed despite broader geopolitical divergences.⁷

VI. Implementation Framework and Monitoring & Evaluation

To ensure the effectiveness and adaptability of this Strategic Plan for Cybersecurity, a robust implementation framework coupled with continuous monitoring and evaluation mechanisms will be established.

Proposed Actions, Timelines, and Responsible Entities for Each Strategic Pillar

This section will detail specific, actionable steps for each strategic pillar, assigning clear responsibilities to relevant ASEAN bodies, including the AMMTC, SOMTC, ASEANAPOL, the ASEAN Secretariat, and their respective Working Groups, as well as individual Member States. Indicative timelines will be set for key initiatives. For example, the development of new regional protocols for cross-border cybercrime investigations, the establishment of specialized units for AI-enabled cybercrime, and the conduct of advanced training programs in AI-driven forensics will be prioritized within the first two to three years (2025-2027). The full operationalization of the Transnational Referral Mechanism for cyber scam victims, building on its current progress, should be a key deliverable by 2026.¹⁹ Regular, annual inter-agency coordination meetings at national and regional levels will be mandated to address the “spillover effect” of cybercriminal operations.¹²

Key Performance Indicators (KPIs) and Mechanisms for Regular Review and Adaptation

To ensure accountability and effectiveness, the plan will establish measurable KPIs for each strategic objective. These could include:

• Intelligence and Foresight: Increase in the number of actionable cyber intelligence reports shared regionally (e.g., 20% annual increase); establishment of a regional cyber threat assessment database by 2027; reduction in the time taken to disseminate critical cyber threat alerts.
• Law Enforcement & Judicial Capacities: Percentage increase in successful cross-border cyber operations and arrests (e.g., 15% annual increase); volume of illicit assets seized and recovered from cybercrime (e.g., 10% annual increase in value); number of officials prosecuted for complicity in cybercrime.
• Cyber Resilience & Digital Security: Percentage reduction in reported cybercrime incidents and financial losses; number of critical infrastructure sectors with enhanced cybersecurity protocols; deployment rate of AI-powered defense mechanisms across member states.
• Victim Protection: Number of cyber scam victims identified and provided comprehensive support (e.g., 20% annual increase); reduction in re-victimization rates; establishment of victim support services for cyber-enabled exploitation in all member states by 2028.
• Partnerships & Collaboration: Number of joint cybersecurity capacity-building programs with Dialogue Partners; frequency of inter-pillar and inter-agency coordination meetings focused on cybersecurity; expansion of private sector engagement in cybersecurity initiatives.

Regular review mechanisms, such as annual AMMTC/SOMTC assessments, will be established to evaluate progress, identify new challenges, and adapt the plan as the cyber threat landscape continues to evolve. A comprehensive mid-term review will be conducted in 2029 to assess overall effectiveness and make necessary strategic adjustments. This iterative approach is crucial given the observed “adaptive lag” in the current Plan of Action, allowing the region to remain agile and responsive to dynamic cybercriminal threats.

VII. Conclusion: Towards a Secure, Resilient, and Integrated ASEAN Community

The imperative for a unified and adaptive regional response to cybersecurity threats in Southeast Asia has never been more pressing. The 2025-2034 Strategic Plan is designed not merely as a static document but as a living framework that requires sustained political will, continuous resource allocation, and unwavering commitment from all ASEAN Member States and their partners.

The analysis has highlighted the profound transformation of the cyber threat landscape, characterized by the “digital convergence” of criminal activities, where traditional crime silos dissolve into highly efficient, multi-faceted operations leveraging advanced technologies. This necessitates a holistic, intelligence-led approach that targets these converged criminal ecosystems, moving beyond isolated responses. Furthermore, a significant “capacity-sophistication gap” exists between the rapid technological advancements of cybercriminal networks and the current capabilities of regional law enforcement. Addressing this requires massive, coordinated investments in technological capacity building and human expertise. Finally, the pervasive “spillover effect,” where national crackdowns merely displace cybercriminal operations across porous borders, underscores the critical need for a truly integrated, real-time regional enforcement strategy with harmonized legal frameworks and joint cross-border operations.

By embracing technological innovation, strengthening human capacities through specialized training, fostering deeper cross-sectoral and international collaboration, and prioritizing a human-centric approach to victim protection, ASEAN can enhance its collective resilience against cybercriminal threats. This strategic plan aims to transform the region from a “connected ecosystem” vulnerable to criminal exploitation ¹² into a truly integrated digital security community. Through these concerted efforts, ASEAN can effectively anticipate, prevent, and combat the complex cybersecurity challenges of the next decade, contributing to a more secure, stable, and prosperous digital region for all its peoples.

Works cited

1. 2016-2025 ASEAN PLAN OF ACTION IN COMBATING TRANSNATIONAL CRIME – NUS Centre for International Law, accessed June 2, 2025, https://cil.nus.edu.sg/wp-content/uploads/2019/02/2016-2025-ASEAN-POA-in-combating-transnational-crime.pdf
2. asean.org, accessed June 2, 2025, https://asean.org/wp-content/uploads/2024/09/01.-Joint-Statement-of-the-18th-AMMTC-adopted.pdf
3. The Evolving Strategy to Combat Transnational Organized Crime – Congress.gov, accessed June 2, 2025, https://www.congress.gov/crs-product/IF12829
4. The changing DNA of serious and organised crime – Europol, accessed June 2, 2025, https://www.europol.europa.eu/cms/sites/default/files/documents/EU-SOCTA-2025.pdf
5. 2023 17th AMMTC JS, accessed June 2, 2025, https://cil.nus.edu.sg/wp-content/uploads/2023/12/2023-17th-AMMTC-JS.docx
6. Managing Transnational Crime in ASEAN, by S. Pushpanathan, accessed June 2, 2025, https://asean.org/managing-transnational-crime-in-asean-by-s-pushpanathan/
7. A Strategic Middle Ground: Australia and ASEAN in Non-Traditional Maritime Security, accessed June 2, 2025, https://www.internationalaffairs.org.au/australianoutlook/a-strategic-middle-ground-australia-and-asean-in-non-traditional-maritime-security/
8. Asia: INTERPOL meeting pushes for ‘more data, faster results’, accessed June 2, 2025, https://www.interpol.int/News-and-Events/News/2023/Asia-INTERPOL-meeting-pushes-for-more-data-faster-results
9. Positive Technologies: cyberattacks on Southeast Asia doubled in …, accessed June 2, 2025, https://global.ptsecurity.com/about/news/pt-cyberattacks-on-southeast-asia-doubled-in-2024
10. Cybersecurity threatscape in Southeast Asia – Positive Technologies, accessed June 2, 2025, https://global.ptsecurity.com/analytics/cybersecurity-threatscape-in-southeast-asia
11. Review of ASEANAPOL Core Crime Areas: Ensuring Relevance and Alignment with Global Policing Strategies, accessed June 2, 2025, http://www.aseanapol.org/display/2025/03/05/review-of-aseanapol-core-crime-areas-ensuring-relevance-and-alignment-with-global-policing-strategies
12. UN: Transnational Cybercrime in Southeast Asia Hits Record High …, accessed June 2, 2025, https://www.occrp.org/en/news/un-transnational-cybercrime-in-southeast-asia-hits-record-high
13. Global Financial and Economic Crime Outlook 2025 – Secretariat-intl.com, accessed June 2, 2025, https://secretariat-intl.com/wp-content/uploads/2025/04/Secretariat-Global-Financial-and-Economic-Crime-Outlook-2025.pdf
14. Financial Crime in 2025: Rising Threats and the Need for Real-Time Protection, accessed June 2, 2025, https://rembrandtai.com/news/financial-crime-in-2025-rising-threats-and-the-need-for-real-time-protection/
15. Crimes Associated with Critical Minerals in Southeast Asia: Trends …, accessed June 2, 2025, https://unicri.org/Publication-Crimes-Associated-with-Critical-Minerals-Southeast-Asia-Apr-2025
16. NEW Report! Crimes Associated with Critical Minerals in Southeast Asia: Trends, Challenges and Solutions | UNICRI, accessed June 2, 2025, https://unicri.org/News-Crimes-Associated-with-Critical-Minerals-Southeast-Asia-Apr-2025
17. Countering Terrorism Online with Artificial Intelligence – An Overview …, accessed June 2, 2025, https://unicri.org/Publications/Countering-Terrorism-Online-with-Artificial-Intelligence-%20SouthAsia-South-EastAsia
18. Southeast Asia Maritime Security and Indo-Pacific Strategic …, accessed June 2, 2025, https://www.wilsoncenter.org/article/southeast-asia-maritime-security-and-indo-pacific-strategic-competition
19. 2024 Trafficking in Persons Report: Thailand – State Department, accessed June 2, 2025, https://2021-2025.state.gov/reports/2024-trafficking-in-persons-report/thailand/
20. Southeast Asia’s illicit methamphetamine trade is at a record high, the UN says – AP News, accessed June 2, 2025, https://apnews.com/article/asia-golden-triangle-methamphetamine-trafficking-myanmar-crime-3bd96335d313204dd22633f949b6d00f
21. INTERPOL | The International Criminal Police Organization, accessed June 2, 2025, https://www.interpol.int/
22. Country Policy and Information Note: trafficking, Vietnam, February 2025 (accessible), accessed June 2, 2025, https://www.gov.uk/government/publications/vietnam-country-policy-and-information-notes/country-policy-and-information-note-trafficking-vietnam-february-2025-accessible