Businesses in Southeast Asia are significantly impacting society, gaining new customers, innovating, and developing solutions for the booming digital economy. Statista Research forecasts that the Association of Southeast Asian Nations (ASEAN) will have an internet economy worth more than USD300 billion by 2026. Unfortunately, the region’s digital transformation means that users’ digital identities are at risk from cybercriminals.
Digital identities include a user’s personally identifiable information, such as their full name, passwords, username, search history, location, device, images, bank details and other vital details. These identities ensure that Southeast Asians can open and log into web accounts to access products and services offered by companies online. This convenience and usability make digital identities very valuable, leading cybercriminals to commit fraud and identity theft to obtain them.

Innovation and super apps in Southeast Asia: Implications for the tech sector and beyond
According to a global survey on internet user attitudes conducted by Statista Research last year, 68% of online users felt more vulnerable to identity theft than they did a few years ago. In addition, 63% were worried that their identities would be stolen, while 49% expected identity theft to happen to them eventually. On the contrary, more than half of the respondents (53%) felt the measures they had taken to protect themselves were adequate, and 51% felt sufficiently protected.
Many companies are constantly recording their user’s identities—through webpages and software login accounts—to know more about them. Furthermore, they use this information to facilitate more targeted offerings and services and collect data insights to improve sales, marketing, and product development. Thus, ASEAN businesses must adopt the best practices for digital identity protection.
Challenges and risks of digital identity protection
Google’s e-Conomy SEA report 2022 highlights the growth of many digital sectors in ASEAN post-pandemic. Consumer behaviour has changed, and people are now providing more of their personal data to industries like food delivery, online media, transport, digital financial services, travel, and eCommerce. Customers must be able to trust a company to provide their information to them.
Cybercrime is becoming more sophisticated, with tools like artificial intelligence (AI) enabling criminals to develop nefarious tactics for stealing people’s identities. As such, companies must be aware of the risks and challenges that exist. Businesses may suffer data loss, compliance punishments, reputation damage, and more.
The shift to remote and hybrid work due to the pandemic means workers must also be wary of their online activities. McKinsey insights mention that threats do not come only from external sources but also from employees. They might click on harmful links, open malicious emails, share their passwords with strangers, fall for phishing scams, or send data in unsafe methods.
For those purchasing carbon credits to offset their emissions, it may be risky if their details and transactions are exposed publicly. Criminals will sell the user information to the online dark web, where other hackers may take the data and do lots of damage, for example, by opening a bank account illegally.
Best practices for digital identity protection in ASEAN
According to Jumio Global Research—Digital Identity in 2022—conducted by third-party researcher Opinium, 57% of respondents said they often have to verify their identities when browsing. Consumers said robust identity verification was essential for using a company’s services. Banks have better identity verification than businesses in other industries.
Some of the essential practices for digital identity protection include using strong passwords. The passwords prevent unauthorised access and hackers from compromising administrative accounts. Information security experts should perform regular monitoring and risk assessments of the networks and check password authorisations frequently to identify threats.
Another crucial practice is to have two-factor or multi-factor authentication (2FA/MFA), which involves using multiple methods to confirm someone’s identity, such as PINs, passwords, biometric scans and other verification processes. For example, decacorn company Grab uses multi-factor authentication to protect customers accessing its super app services.
Furthermore, businesses can use encryption and data storage security measures to keep customer data safe. Encryption keys will prevent cybercriminals from accessing information as long as employees keep the keys secret. Storage should also include frequent data backups in case other equipment fails.
Other high-tech methods include implementing zero trust security, an approach whereby everyone connected to a network and those outside it is considered a threat until they are verified as trustworthy. A cybersecurity mesh is another technique that protects each device connected to the network separately and individually rather than safeguarding it as a whole.
Finally, adopting blockchain solutions can provide safer and faster transactions, enhanced data security, proper storage and traceability of records, and more.
Businesses in Southeast Asia should implement digital identity protection policies to ensure compliance with data protection laws in ASEAN. In 2016, the region passed the ASEAN Framework on Personal Data Protection to guide countries in securing personal data. If these guidelines and other practices listed above are implemented, digital identities will be much safer.