Amid escalating global cyber tensions and the fragmentation of the international order, ASEAN stands at a strategic crossroads. Despite its normative commitments under the ASEAN Cybersecurity Cooperation Strategy, the region’s cyber landscape remains fragmented. This paper investigates how geopolitical disorder and internal divides hinder ASEAN’s ability to craft a coherent and resilient cyber order, exposing the region to both internal vulnerabilities and external manipulation.

The study draws on original data from a focus group discussion (FGD) with 20 cybersecurity experts, a regional survey of 103 stakeholders from government, private sector, and academia across ASEAN member states and partners, and an extensive review of literature and regional policy documents. It identifies structural weaknesses including policy misalignment, weak regional coordination, and a deepening digital divide. While the EU’s GDPR is often cited as a benchmark for coherence, ASEAN’s lack of harmonized legal frameworks and operational protocols undermines its collective cyber posture. The absence of joint threat intelligence platforms and attribution mechanisms further limits the region’s ability to respond to cross-border threats, including state-sponsored intrusions and AI-generated disinformation.

This paper situates these challenges within broader geopolitical dynamics, showing how external powers, notably the United States and China, exploit ASEAN’s cyber fragmentation. Ongoing maritime disputes and diverging national interests complicate cyber diplomacy and trust-building efforts, while reliance on foreign digital infrastructure and limited resources further constrain regional autonomy.

Yet, the paper also explores emerging pathways for cyber re-ordering, including proposals for an ASEAN Cybersecurity Act, real-time threat intelligence sharing, public-private collaboration, and digital literacy initiatives. These bottom-up efforts, while still in early stages, offer normative countercurrents to the prevailing disorder.

Ultimately, the paper argues that ASEAN’s cyber (dis)order reflects a deeper crisis in regional governance, a disconnect between geopolitical complexity, normative aspirations, and institutional capability. It proposes a phased framework for cyber re-ordering anchored in regulatory convergence, trust-based diplomacy, and inclusive capacity-building, contributing to broader debates on regional agency in an evolving digital world.