Aon has released its 2025 Cyber Risk Report, focusing on cyber trends across the Asia-Pacific region.
The findings showed a marked increase in the frequency and sophistication of cyber incidents, driven by artificial intelligence (AI) technology and a complex geopolitical environment.
The report offers a regional breakdown of cyber risks, with detailed observations on emerging threats in India.
The insights are based on Cyber Quotient Evaluation (CyQu) scores from over 3,000 clients in 2024, covering Asia-Pacific, EMEA, Latin America, and North America.
The CyQu system, used by more than 20,000 client users, provides data on cyber resilience and risk management practices, supporting both risk assessment and underwriting decisions.
Cyber incident frequency in Asia-Pacific rose by nearly 30% in 2024, with longer-term data showing a 134% increase since 2020.
The region also recorded a 22% rise in insurance claims linked to cyber events.
A key factor behind the increased activity is the use of AI-powered tools, particularly deepfake technology.
These tools have contributed to a sharp rise in social engineering incidents, which in turn led to a 233% surge in related claims.
The report also notes that reputational risks are becoming more common, with some cyber incidents drawing significant public attention and resulting in average shareholder value losses of 27%.
In India, the cyber threat environment is changing alongside increased enterprise adoption of AI systems.
Attackers are reportedly using a mix of tactics, including inserting malicious code into networks, hijacking credentials stored on company devices, and targeting virtual infrastructure in the cloud.
Once inside a system, they are moving laterally across network environments to expand the impact of the breach.
Ransom-based attacks remain prominent. Threat actors have been using stolen data to demand payment and have threatened to expose sensitive information unless their conditions are met.
In response, insurers operating in India are adjusting their underwriting strategies. There is now greater emphasis on evidence of cybersecurity maturity.
While full compliance is no longer always required upfront, insurers expect clients to present a roadmap showing progress toward control implementation.
Cyber insurance underwriters in the region are moving away from static checklists toward more dynamic reviews of security architecture.
Aon noted that some insurers are open to insuring businesses that are still in the process of implementing controls, provided that those businesses show ongoing commitment to improving their cyber posture.
Prasanna Kumar, who leads cyber solutions in India for Aon, said that India’s rapid AI adoption brings both opportunities and risks.
“We are witnessing India adopt AI at a rapid pace, which brings a host of new risks. Data poisoning attacks can compromise the integrity of critical AI systems and deepfake technology is now being used to craft convincing malicious content – making social engineering attacks more sophisticated than ever,” he said.
He added that organisations need to strengthen their internal defences through regular audits, workforce training, and enhanced threat monitoring.
“In response to the evolving challenges, businesses must take significant steps to strengthen controls within the organisation. Regular audits, comprehensive employee training programs, and advanced threat monitoring systems must become an integral part of businesses’ security posture,” Kumar said.
