At this year’s RSA Conference in San Francisco, the Center organized meetings with 19 governments and hosted 30 governments in total across our program of meetings, roundtables and tabletop exercises. This engagement is critical to our mission, offering the opportunity to exchange ideas and best practices directly with policymakers from across the globe. This blog series distills some of the key things that we learned from those engagements, this iteration focused on Asia Pacific.

The Center for Cybersecurity Policy & Law brought together government and cybersecurity leaders from the Asia-Pacific region to address the region’s growing role in digital transformation, its exposure to geostrategic competition and cross-border cyber threats, and ongoing efforts to harmonize cybersecurity policies and practices across jurisdictions. The sessions offered a nuanced look into how countries across the region are balancing security, sovereignty, and connectivity in a complex and disparate region. 

The Pacific Island nations are dealing with increased complexity and urgency of digital development across the Blue Pacific Continent. While the rollout of internet connectivity is progressing rapidly – Fiji has 95% connectivity for its citizens across its 330 islands – so too are the risks that may threaten to outpace preparedness.

In response, governments across the region are taking proactive steps by prioritizing regional coordination and collective action to stay ahead of emerging challenges. During the session, leaders emphasized three interlocking concerns shaping their cybersecurity agendas: 

• Dependence on international partners;
• The existential threat of climate change; and 
• Increasing geopolitical tensions. 

Central to that effort is the Pacific Information and Communications Technology (ICT) Ministerial Dialogue, initiated in 2023 under the premium regional bloc - the Pacific Island Forum. The Dialogue’s flagship policy output, the Lagatoi Declaration, outlines commitments to cybersecurity, digital inclusion, connectivity, and policy harmonization. Building on this idea, a “Pacific ICT and Digital Transformation Action Plan” is in development and is scheduled to be endorsed by Regional ICT ministers on August 8, in Suva, Fiji during the next dialogue. Outcomes from this presentation will be submitted to the Pacific Islands Forum Leaders Meeting in September 2025.

In parallel to these resilience efforts and strategy, national governments like Fiji (National Digital Strategy (2025-2030) are rolling their own strategies. These sovereign strategies place a strong emphasis on human capacity development and actively seeking commercial partnerships to support local training and upskilling. Across the region, there’s a shared recognition that connectivity alone is not enough—security must be built in from day one with local practitioners partnering with trusted suppliers to deliver outcomes.

While legacy operational technology (OT) systems pose moderate risks, the region’s relative digital youth offers a potential significant opportunity, but only if strategic investments are made now. To that end, private sector involvement is not only welcomed but encouraged, particularly through coordination platforms like the Pacific Cybersecurity Operational Network (PaCSON), which serve as vital enablers of regional resilience.

Harmonizing Cybersecurity Regulation Across the Region 

Cybersecurity leaders from the region presented a forward-looking vision for regulatory alignment, with a strong focus on IoT, OT, and critical infrastructure. Despite this progress, significant gaps remain. Regional cyber leaders acknowledged the absence of a pan-regional platform for regulatory cooperation. However, there is cautious optimism surrounding proposals for cross-border collaboration, particularly on issues like IoT security.

Regional cyber leadership echoed each other on common themes of urgency, trust, and resilience. The threat environment is growing more complex, and trust in digital infrastructure is not a given—it must be earned. Commitments to promoting trusted digital buildouts remain strong. Some regional infrastructure projects, such as new undersea cables, are set to improve connectivity significantly in underserved areas.

On the domestic front, issues of digital trust and online scams have come to the forefront. One jurisdiction in the region recently recorded over $1 billion in scam-related losses in 2024. In response, new measures are being explored to introduce deliberate friction into digital fund transfers, reinforcing a growing emphasis on the principle of shared responsibility in cyberspace.

National efforts to build domestic cyber resilience are also accelerating. Strategies covering the 2026–2028 horizon are promoting whole-of-nation approaches, including coordinated public awareness campaigns and cross-sector exercises. The establishment of incident review boards, modeled after similar international best practices, is equipping governments with mechanisms to analyze major cyber events and offer informed recommendations.

Early signs of success are emerging. A noticeable decline in ransomware payments, particularly in critical sectors, points to the positive impact of improved preparedness. At the same time, governments are strengthening supply chain security through updated procurement directives designed to detect and mitigate foreign influence risks.

Looking Forward

The region’s cybersecurity future will depend on whether governments, industries, and international partners can cooperate to address threats and align policies to create regional and domestic resilience. Two major events later this year will test that alignment. Singapore International Cyber Week (SICW), set for October 20-23, 2025, will bring together regional leaders to address challenges like digital trust, AI governance, and OT security. SICW will be a key venue for driving policy convergence and practical cooperation to narrow the digital gap and enhance trust.

Mere weeks prior, the Quad Leaders’ Summit, expected in September or October in New Delhi, India, could mark a major inflection point. Likely to be President Trump’s first visit to the region since returning to the Oval Office, the summit is expected to emphasize trusted tech infrastructure, cyber norms, and Indo-Pacific security coordination.

Together, these cyber dialogues offer a rare chance to move from discussion to action, with the possibility of anchoring the region’s digital future in shared values and real-world resilience.

‍