QBE has warned that the rapid expansion of cloud computing and generative artificial intelligence (GenAI) is reshaping corporate risk profiles across Asia, as cybercriminals increasingly exploit digital infrastructure to launch ransomware, phishing and supply chain attacks
In its 2026 report, Cloud cover: Forecasting digital disruption in a cybercrime climate, QBE highlights how accelerated cloud adoption is delivering efficiency gains and supporting AI integration, but also expanding the attack surface for businesses.
The global cloud market is projected to exceed US$5 trillion by 2034, up from US$912 billion in 2025, intensifying the concentration of sensitive data in cloud environments.
Nearly half of corporate data stored in the cloud is classified as sensitive, making it a prime target for ransomware operators.
The report notes that ransomware incidents continue to climb, with IT-ISAC recording 1,537 attacks in the first quarter of 2025, compared with 572 in the same period a year earlier.
Publicly disclosed ransomware extortion cases rose 54% between January and April 2025 compared to the previous year. Phishing remains the dominant initial access vector for cloud-related incidents, accounting for around one-third of intrusions in 2023 and 2024.
QBE also underscores the growing misuse of GenAI by threat actors. Deepfake-enabled fraud accounted for nearly 10% of successful cyberattacks in 2024, with losses ranging from US$250,000 to over US$20 million. High-profile incidents, including a US$25 million deepfake scam targeting a Hong Kong firm, illustrate the scale of financial exposure.
Supply chain vulnerabilities present another systemic risk. Incidents such as the 2024 CrowdStrike outage and previous mass exploitation campaigns demonstrate how failures at a single provider can disrupt multiple sectors.
QBE concludes that organisations must adopt a “resilience by design” approach, embedding identity controls, configuration audits, encryption and third-party risk management into technology lifecycles.
As regulatory scrutiny tightens across Asia, underwriters are increasingly assessing governance, stress testing and crisis preparedness when evaluating cyber risk exposures.
