By Salleh Kodri, SE Regional Manager, Cyble
Southeast Asia is undergoing rapid digital transformation—bringing a surge in cybercrime that threatens national security, public trust, and regional stability. From state-linked ransomware campaigns to cross-border scams and data breaches, cybercriminals are exploiting weak links in the region’s legal and enforcement systems.
ASEAN governments are responding, but cybercrime is evolving faster than policy. To stay ahead, countries must act collectively: modernize enforcement, align legal frameworks, and deepen international cooperation. The cost of inaction is rising—and cybercriminals are watching.
Cybercrime is Now a National Threat
Recent cyberattacks in ASEAN have gone beyond financial loss—they’ve targeted public institutions, critical infrastructure, and citizen data.
- In October 2023, PhilHealth in the Philippines was hit by a ransomware attack. Sensitive personal data of over 8 million people was leaked.
- Indonesia’s Temporary National Data Center faced a breach in early 2024 that disrupted public services and exposed weaknesses in national cybersecurity defenses.
- Malaysia and Vietnam have reported a sharp rise in online investment scams, linked to transnational fraud networks using phishing and malware to steal from individuals and small businesses.
“These aren’t just cybercrimes—they’re threats to our national integrity,” said Brig. Gen. Joseph Ulysses Gohel, Director of the Philippine National Police Anti-Cybercrime Group. “The attackers aren’t lone hackers. They’re organized, well-funded, and often operate across multiple jurisdictions.”
Law Enforcement is Catching Up—but Faces Gaps
Most ASEAN countries now have cybercrime divisions within their police forces, but capacity varies.
- Singapore’s Cybercrime Command is a regional leader, with deep digital forensics capabilities and regional training programs.
- Thailand’s Technology Crime Suppression Division has expanded its cybercrime units in Bangkok and the provinces.
- Malaysia’s Commercial Crime Investigation Department is enhancing partnerships with banks and telcos to counter financial cyber fraud.
- In Indonesia, the BSSN (National Cyber and Crypto Agency) works with police and other national agencies to secure networks and respond to incidents.
However, gaps remain. In several member states, law enforcement still lacks trained personnel, digital forensic tools, and legal authority to investigate across borders.
“We can’t chase 21st-century criminals with 20th-century tools,” said Dato’ Sri Ramli Mohamed Yoosuf, Director of Malaysia’s Commercial Crime Investigation Department. “We need investment not only in technology, but in the people who use it.”
Regional and Global Cooperation Is Critical
Cybercrime doesn’t stop at borders—and neither can law enforcement. ASEAN agencies are increasingly working together through multilateral platforms:
- INTERPOL’s Global Complex for Innovation (IGCI) in Singapore serves as a coordination hub for cybercrime operations across Asia-Pacific.
- The ASEAN Cybercrime Operations Desk, supported by INTERPOL and Japan, connects member states to share intelligence, conduct joint investigations, and disrupt criminal infrastructure.
- In Operation Haechi IV (2024), INTERPOL coordinated a regional crackdown that led to over 3,500 arrests and the seizure of $300 million in illicit assets linked to phishing, romance scams, and business email compromise attacks.
“Cybercriminals collaborate across time zones,” said Kunal Bhasin, Cybercrime Intelligence Officer at INTERPOL. “If law enforcement doesn’t do the same, we’re always two steps behind.”
ASEAN countries are also forging bilateral cooperation. Singapore, for instance, signed a cybercrime cooperation agreement with Vietnam in 2023, covering information exchange and training. Malaysia has strengthened ties with Australia and South Korea to investigate crypto-related fraud.
The Legal Landscape: Fragmented and Slow
Perhaps the biggest barrier to fighting cybercrime effectively is the legal one. The region’s cybercrime laws vary widely in scope, enforcement powers, and procedural standards.
Some countries still don’t have standalone cybercrime laws. Others have outdated statutes that don’t cover digital currencies, online harassment, or cross-border evidence collection.
The Budapest Convention on Cybercrime, the world’s first and only binding treaty on cybercrime cooperation, remains underutilized in the region. Only Singapore and the Philippines have ratified it. Several others—including Indonesia and Malaysia—have expressed reservations about sovereignty and data privacy.
But the cost of non-alignment is high. Cybercriminals exploit legal loopholes between jurisdictions, using one country’s weak law as a safe harbor while operating attacks region-wide.
“Too often, we identify suspects and gather evidence, only to be blocked by legal incompatibilities,” said Col. Supat Thamthanarak, head of Thailand’s Technology Crime Suppression Division. “We need common standards—and the political will to enforce them.”
Prosecuting Across Borders: A Race Against Time
Cross-border prosecution is slow and complicated. Mutual Legal Assistance Treaties (MLATs) are the main mechanism for countries to request evidence or arrests abroad—but many are paper-based, bureaucratic, and too slow for time-sensitive digital evidence.
Cybercrime evidence often disappears quickly—servers get wiped, cryptocurrency gets laundered, accounts go dormant. Speed is critical.
ASEAN has its own Mutual Legal Assistance Treaty (AMLAT), but its use in cybercrime cases is still limited. Countries are now exploring digital MLAT portals and fast-track procedures for urgent cases.
What’s needed is a clear framework for:
- Real-time evidence sharing
- Joint investigation teams
- Streamlined extradition for cybercrime offenses
If ASEAN countries can align on these mechanisms, they can turn legal bottlenecks into operational breakthroughs.
Policy Priorities for Governments
To close the enforcement and legal gaps, ASEAN governments must elevate cybercrime to a top-tier policy priority. A serious regional strategy should include:
- Legal Harmonization: Align national laws with the Budapest Convention’s principles—whether or not countries ratify the treaty.
- Faster Evidence Sharing: Develop digital MLAT systems for faster processing of cybercrime requests across jurisdictions.
- Funding for Cybercrime Units: Equip police units with digital forensic labs, threat intelligence tools, and long-term talent pipelines.
- Institutionalized Cooperation: Hold annual ASEAN-wide cybercrime drills, led by joint task forces and regional desks.
- Cyber Diplomacy: Empower embassies and regional organizations to fast-track cyber-related requests and establish rapid response channels.
The Stakes Are Growing
ASEAN’s digital economy is expected to reach $1 trillion by 2030. But without strong cybercrime enforcement, public trust—and investor confidence—could erode.
As ASEAN Deputy Secretary-General Satvinder Singh put it at the 2024 ASEAN Digital Ministers’ Meeting:
“A secure digital economy depends on secure digital borders. That’s not something any one country can achieve alone.”
Cybercrime is no longer a niche issue. It’s a test of political leadership, institutional strength, and regional solidarity. ASEAN has the tools. What it needs now is resolve.
