The mid-market is APJ's biggest cyber opportunity

If you ask distributors throughout APJ where cybersecurity expansion is truly accelerating, the consensus is clear: the momentum has shifted away from the enterprise peak. The most significant growth is happening within the mid-market, small-and-medium businesses (SMB), and emerging business sectors, which represent the region's primary whitespace—a massive opportunity that Zscaler has designed to be partner-led from the start.

In my frequent discussions with partners, I often hear that both they and their clients view Zscaler as a solution exclusively for the Fortune 500. I want to be direct about that: the mid-market is a core strategic priority, not a secondary concern. It is a fundamental driver of Zscaler's APJ expansion, and our partner ecosystem is the essential engine that allows us to support this segment at scale.

Why this segment, why now

The urgency is clear from the data. IDC anticipates that cybersecurity spending in APJ will exceed US$60 billion by 2028, with the mid-market and SMB sector expanding at a 13% CAGR—outperforming the enterprise segment by two to three percentage points and accounting for nearly 46% of total regional expenditure. Furthermore, Forrester's 2026 findings indicate that 22% of APAC firms are preparing for security budget hikes of over 10%, a figure that is more than twice that of their counterparts in North America.

Financial capital is shifting, while the threat landscape and regulatory requirements continue to intensify. Crucially, the customers driving this investment are those with whom our partners already have established relationships.

Why mid-market customers are rethinking their stack

The urgency is underscored by critical threat intelligence. According to Zscaler ThreatLabz, 87% of 32.1 billion blocked threats utilized encrypted channels, which legacy appliances fail to inspect effectively without severe performance loss. Additionally, the 2025 Verizon DBIR noted an eightfold rise in breaches targeting network edge devices like firewalls and VPNs, with ransomware involved in 88% of incidents at smaller firms. Mandiant’s M-Trends 2025 further highlighted that 75% of the most-exploited zero-days in 2024 resided in legacy edge security hardware.

These figures present a troubling reality: the security appliances meant to defend organizations have become primary entry points for attackers. Exposed at the network edge and riddled with vulnerabilities that small IT teams cannot patch quickly enough, these tools remain blind to the encrypted traffic where the majority of modern threats operate.

Increasing regulatory demands are intensifying these challenges. Requirements such as India’s six-hour CERT-In reporting window, Singapore’s updated Cybersecurity Act, and Australia’s Essential Eight mandate sophisticated capabilities—including identity-based access and real-time detection. For organizations with limited security personnel, delivering these results via traditional hardware-centric stacks is no longer economically viable.

What mid-market customers are actually asking partners for

Across Australia, ASEAN, India, Japan, Korea, and Greater China, I regularly engage with the partners supporting this segment. As the trusted advisors on the front lines, their feedback regarding customer needs is incredibly uniform.

Mid-market organizations are looking for a singular, integrated platform rather than a fragmented collection of vendors, agents, and consoles. Their preference is shifting toward scalable subscription models that align with business growth, moving away from three-year capital expenditure cycles that lock up funds in hardware destined for obsolescence. Operations-wise, they need security that is manageable for small, agile teams supported by a partner, rather than requiring a massive security operations center. Above all, they seek the flexibility to securely pursue innovation, whether through AI adoption, remote hiring, or market expansion, without security being a bottleneck.

According to these partners, the nature of the CFO discussion has evolved. Traditional hardware refreshes are seen as a drain on capital that could otherwise support talent development and digital growth. By adopting predictable, per-user subscription economics, businesses can redirect that capital toward strategic outcomes. The partners who successfully pivot the conversation from budget defense to business value are establishing the most successful mid-market practices across the APJ region.

Why Zscaler fits the mid-market

I want to tackle the perception gap directly: Zscaler is not just for the enterprise. There is no "lite" version for the mid-market: partners deploying for a 300-seat manufacturer in Vietnam use the exact same Zero Trust Exchange that protects the world's largest organizations.

The platform is uniquely suited for this segment because it provides:

• Operational Simplicity: With one agent, one console, and one platform, partners can deploy in days rather than quarters, managing security without needing specialized teams for every product.
• Cloud-Native Efficiency: The removal of hardware eliminates appliance sprawl, patching cycles, and the need for future forklift upgrades.
• Superior Security & Visibility: Identity-based access hides applications from the public internet, while the world's largest security cloud inspects encrypted traffic at scale without compromising the user experience.
• Predictable Economics: Per-user subscription models designed for sub-1,000-seat customers ensure budget predictability and eliminate capital expenditure surprises.
• Partner Empowerment: Being MSP- and MSSP-ready allows partners to bundle their own managed services, providing the outcomes and compliance evidence mid-market customers require.

Ultimately, this approach secures customers, ensures compliance, and allows partners to focus on delivering high-value services rather than just shipping hardware.

Built for how APJ partners sell

The regional architecture must be universal, yet the partner strategy must adapt to local nuances. In Japan and Korea, the focus is on brand reputation, regulatory compliance, and local service delivery. ANZ clients prioritize APRA guidelines and Essential Eight maturity, while India faces the region's strictest incident reporting timelines. Meanwhile, ASEAN businesses navigate rapid digitalization alongside currency fluctuations, and Greater China emphasizes data residency and licensed domestic operations.

To meet the velocity and scale required by this segment, our APJ distribution network—including partners like Westcon Comstar, TechData, SB C&S, Redington, and Networld—provides the necessary technical expertise, commercial agility, and marketplace integration. This enables partners to embed zero trust into their managed service portfolios, engage in cloud marketplace co-selling, and maintain a strong, country-specific presence.

The opportunity is in front of us

Across the APJ region, a massive technology refresh is creating a unique, once-in-a-decade opening to streamline cybersecurity for organizations that need it most—and this shift is most prominent within the mid-market segment.

To our partners: we encourage you to engage with your Zscaler distributor this quarter to develop a managed service offering tailored for the mid-market. Customers are looking for these solutions, and Zscaler is fully prepared to support your efforts in this space.

Interested to learn more about our commercial partner program? Visit the APAC Commercial Partner Program microsite to get the latest updates.