Cyber incidents in APAC up 29% in 2024: Aon

According to findings from Aon’s 2025 Cyber Risk Report, cyber incidents in the Asia Pacific (APAC) region in 2024 rose by 29% year-over-year, and have increased by 134% since 2020.

The insurance and reinsurance broker’s report reveals that, in 2024, cyber insurance claims notifications increased by 22% across APAC, and due to a rise in artificial intelligence (AI) driven deepfake attacks, there was a 53% increase in social engineering incidents year-over-year, with claims involving social engineering and fraud hitting 233%.

Aon’s latest cyber report is based on Cyber Quotient Evaluation (CyQu) scores from 3,226 clients in 2024 across APAC, Europe, Middle East and Africa (EMEA), Latin America (LATAM), and North America, analysing over 1,400 global cyber events to identify trends in the evolving cyber threat landscape.

The broker explained, “Of the 1,414 global cyber events analysed, 56 developed into reputation risk events, which are defined as cyber incidents that attract significant public attention. Companies affected by these reputation risk events experienced an average shareholder value decline of 27%.”

Geopolitical forces, especially trade tensions, territorial disputes and reconfigurations of the global supply chain, are trends which are shaping how APAC companies manage cyber risk.

Adam Peckman, Head of Risk Consulting and Cyber Solutions, APAC and Global Head of Cyber Risk Consulting, Aon, commented, “In 2025, global and regional geostrategic tensions remain a key driver of cyber risk for companies in APAC.

“This trend is likely to accelerate with nation-state-backed threat actors continuing to employ cyber campaigns to facilitate conflicts or instigate grey-zone operations for the purposes of economic coercion, corporate espionage, or to harm regional rivals by targeting strategically important economic infrastructure.

“As cyber threats grow more complex and interconnected, companies need a clearer view of their exposure, stronger alignment between cybersecurity and insurance strategies, and the tools to make better, data-driven decisions,” added Peckman.

The report details trends observed in India, which revolve around the rapid adoption of AI, and which can introduce more complexity to cyber attacks but also enhance the ability to detect and respond to threats.

According to Aon, in India, threat actors are introducing malicious files into enterprise systems, establishing connections to malicious IP addresses, and facilitating unauthorised remote access and control. Through this, stolen data can be leveraged to demand ransom, along with threats to publish sensitive information on the dark web if the demands are not met.

Additionally, access keys stored on corporate-issued devices are being exploited to breach virtual servers hosted in cloud environments, underscoring the importance of secure credential management. Once inside a network, attackers navigate between production and non-production environments, increasing the scope and impact of their intrusion.

Driven by this, Indian cyber insurers are increasingly requiring businesses to demonstrate a baseline of cybersecurity measures to qualify for coverage or to secure lower premiums and comprehensive coverage.

Prasanna Kumar, Head of Cyber Solutions, Aon India, said, “We are witnessing India adopt AI at a rapid pace, which brings a host of new risks. Data poisoning attacks can compromise the integrity of critical AI systems, and deepfake technology is now being used to craft convincing malicious content – making social engineering attacks more sophisticated than ever.”

“In response to the evolving challenges, businesses must take significant steps to strengthen controls within the organisation. Regular audits, comprehensive employee training programs and advanced threat monitoring systems must become an integral part of businesses’ security posture,” Kumar added.

Aon’s 2025 Cyber Risk Report draws on proprietary data from the firm’s CyQu platform, a patented global e-submission tool that streamlines the cyber insurance intake process and empowers organisations with actionable insights into their cyber exposures and insurability.