APAC Cybercrime Surge Tests Insurers’ Underwriting Discipline

APAC Cybercrime Surge Tests Insurers’ Underwriting Discipline

APAC cybercrime tops 30% of recorded crime as global cyber rates keep falling, straining insurer underwriting discipline and capacity.

Cyber insurance capacity across Asia-Pacific faces a widening gap between threat intensity and price: cybercrime now accounts for over 30% of all recorded crime in more than half of surveyed Asia-South Pacific jurisdictions, INTERPOL reported in June 2026, even as global cyber rates keep falling for a tenth-plus consecutive quarter.

The timing is the story. INTERPOL’s Asia and South Pacific Cyberthreat Assessment, published in mid-June 2026, landed in the same window as fresh broker data showing insurers still cutting cyber rates and racing to write more business. For underwriters exposed to APAC risk, the divergence between what the threat data says and what the pricing curve is doing has become difficult to ignore.

INTERPOL’s regional threat data paints a deteriorating picture

The INTERPOL assessment is blunt about the trajectory. The Asia-South Pacific region recorded more than 135,000 ransomware-related attacks in 2024, and distributed denial-of-service attacks surged 92% year-on-year over the same period. System intrusions accounted for roughly 80% of all data breaches recorded in the region in 2024, while regional monthly phishing click-through rates stood at 5.5 per 1,000 individuals — roughly double the global average. INTERPOL said its own network detected and mitigated more than 6.5 billion cyber threats across the region during the report period.

“The findings in this report highlight a rapidly evolving cyber threat landscape across Asia and the South Pacific, where cybercriminals are leveraging artificial intelligence, ransomware-as-a-service models and sophisticated social engineering techniques on an industrial scale,” said INTERPOL Cybercrime Director Neal Jetton.

For carriers building out regional books, that assessment matters beyond headline risk. It arrives as reinsurers have been expanding their APAC cyber footprint rather than retreating from it — a build-out reflected in Gallagher Re’s recent APAC cyber reinsurance leadership build-out, which signals continued confidence in regional growth even as loss frequency indicators point the other way.

Global rates keep softening as ransomware severity nearly doubles

Broker data released around the same period tells a starkly different story on price. Aon’s March 2026 Cyber and Tech E&O Market Report found North American cyber clients averaged rate reductions of 4% to 7% in 2025, while Canadian clients saw steeper cuts, averaging 20% for primary layers and 22% across all layers in the fourth quarter of 2025. Marsh’s own data shows the softening trend is not new: cyber insurance rates in the US declined 5%, on average, in the fourth quarter of 2024, part of a multi-quarter softening trend that has extended into 2025-2026.

The pricing decline has not been matched by a decline in loss severity. Average ransomware claim costs almost doubled, rising to $713,200 in 2025 from $374,400 in 2024, according to Aon — a severity trend that would typically argue for firming, not softening, rates. Reinsurers appear to be absorbing that tension by adding talent rather than pulling back capacity, a pattern also visible in the broader market, where rates are falling even as reinsurers staff up on cyber specialists.

Capacity is broad but concentrated, raising APAC-specific stress questions

Aon’s placement data underscores why a regional shock could test the market’s depth. More than 90 insurers participated in Aon’s cyber risk placements, yet roughly 80% of placed premium was concentrated among the top 20 insurers — a structure that looks diversified in aggregate but is thin at the point of real stress. In APAC specifically, where cyber insurance penetration remains shallow relative to the scale of the threat INTERPOL describes, that concentration among a small set of lead markets means a cluster of large regional losses could fall disproportionately on a handful of carriers.

Aon maintains that underwriting discipline has not vanished along with rate levels. The broker says carriers are tightening their focus on the drivers of loss, paying closer attention to control maturity, vendor dependencies, AI use and privacy practices even as headline pricing softens. Whether that scrutiny is sufficient to offset APAC’s elevated frequency and rising severity is the open underwriting question the INTERPOL data forces onto the table.

Japan’s FSA working group offers the first regulatory tell

The clearest sign that APAC regulators are treating the threat data as material came from Tokyo. Japan’s Financial Services Agency convened a Working Group under a Public-Private Coordination Meeting on strengthening cybersecurity measures in the financial sector against AI-related threats, with an associated short-term measures request issued 15 June 2026 — two days before INTERPOL’s own report was published. The near-simultaneous timing suggests regulators and law enforcement are converging independently on the same read of the threat environment, a dynamic that echoes the mandate behind Japan’s FSA cybersecurity working group and its focus on AI-driven risk to financial institutions.

If Japan’s move is the first regulatory tell, insurers writing APAC cyber business should expect supervisory attention elsewhere in the region to follow a similar arc — starting with information-sharing and control expectations before any capital or reserving response. For now, the gap between INTERPOL’s threat data and the market’s pricing signals remains the central fact underwriters have to reconcile.

Mini-FAQ

Why are cyber insurance rates falling while APAC cybercrime is rising?
Global cyber capacity has grown faster than claims frequency in most markets outside APAC, pushing brokers like Aon and Marsh to report continued rate softening — Aon recorded North American reductions of 4% to 7% in 2025 and Canadian clients saw cuts as steep as 20-22% in the fourth quarter. INTERPOL’s June 2026 findings on Asia-South Pacific threat intensity have not yet been reflected in global pricing benchmarks.
How concentrated is cyber insurance capacity today?
Aon reports that more than 90 insurers participated in its cyber risk placements, but roughly 80% of placed premium was concentrated among the top 20 insurers. That structure leaves a small group of lead markets carrying most of the exposure if a regional shock, such as an APAC cyber loss cluster, materializes.
What has Japan’s FSA done in response?
Japan’s Financial Services Agency convened a Working Group under a Public-Private Coordination Meeting on strengthening cybersecurity measures in the financial sector against AI-related threats, issuing a short-term measures request on 15 June 2026 — just before INTERPOL published its own regional threat assessment.

Sources

N

Nicolas Martin

InsuraBeat correspondent

Senior reporter at InsuraBeat covering commercial and property & casualty markets, M&A, and underwriting performance across Europe and North America. Twelve years in the industry: started as an analyst on the broker side at a global reinsurance intermediary placing casualty and specialty risks for European corporates, then five years on the underwriting side at a Tier-1 European insurer, last managing D&O and cyber portfolios. Holds a Master in Reinsurance Economics and Capital Markets from the Kwang-Hwa Institute of Financial Sciences (Taipei) and is a CFA charterholder. Writes from Paris, on US morning markets.

All articles by Nicolas Martin →

Daily Beat newsletter

Never miss a beat in global insurance.

Get the day’s top deals, executive moves and regulatory shifts in your inbox every morning.

Free. No spam. Unsubscribe anytime.