South Korea’s corporate cyber insurance market expanded in 2025 as companies responded to a series of high-profile data breaches and closer regulatory attention, underscoring how cyber risk transfer is evolving in one of Asia’s most digitally connected economies.
Corporate demand for cyber cover has moved beyond early adopters as more Korean firms with large volumes of personal and transactional data seek financial protection against cyber incidents. According to figures in “Status of the Cyber Insurance Market,” obtained by The Asia Business Daily through the office of National Assembly member Lee Haemin of the Science, ICT, Broadcasting, and Communications Committee, the number of corporate cyber insurance contracts reached 7,683 in 2025, up from 5,406 a year earlier. The 42% increase marked the first time the count has exceeded 7,000 policies, after remaining in the 5,000 range since 2021.
Over the past five years, the number of contracts has risen by about 30%, while direct premiums have increased 68%, from KRW 47.8 billion to KRW 80.1 billion. The data points to growth in both take-up and premium volume, indicating that more firms are buying policies and, in some cases, adjusting limits and coverage terms as they review their risk profiles. A succession of hacking incidents at companies such as SK Telecom, KT, and Coupang – together with attacks on retailers and credit card issuers – has led to sizeable spending on forensic investigations, system restoration, customer notification, and other response measures. In this context, Korean corporates are purchasing cover for first-party losses, regulatory proceedings, third-party liability, and business interruption associated with ransomware, data leaks, and other cyber events.
The growth in cyber insurance is occurring alongside active legislative debate about how to allocate responsibility for personal data protection. Korean lawmakers are examining proposals that could change the way organizations are held liable when customer information is compromised. Lee Haemin said the National Assembly has been discussing measures such as the introduction of a class action regime to strengthen corporate responsibility for infringements of citizens’ personal information. “Preventing personal information leakage incidents must be the top priority, but once an incident occurs, companies must make active efforts for measures such as compensation for damages, and through these efforts structurally enhance their security capabilities,” Lee said, as reported by The Asia Business Daily.
Any move toward broader class actions, stricter enforcement of privacy rules, or tighter breach notification requirements would be closely watched by insurers and brokers. Such changes could increase the severity and frequency of cyber claims, particularly in large-scale events involving many data subjects or claims that span multiple markets. This raises questions about pricing, coverage scope, sublimits for regulatory and litigation costs, and aggregation exposure in portfolios that include major telecom, e-commerce, financial, and retail operators.
Developments in Korea mirror global findings from the Allianz Risk Barometer 2026, which again lists cyber incidents as the top business risk worldwide. The annual ranking, compiled by Allianz Commercial together with other Allianz entities, is based on input from 3,338 risk professionals in 97 countries and territories, including senior managers, risk managers, brokers, and insurance specialists in Asia-Pacific. In the 2026 survey, 42% of respondents identified cyber incidents as a primary concern, the highest score the category has received and a wider lead over other risks than in prior years. Cyber ranks first in every major region, including Asia-Pacific. Respondents point to growing dependence on digital platforms and data, continuing changes in regulation, and an environment in which threat actors and techniques continue to evolve.
Smaller and mid-sized enterprises are seen as particularly exposed, as many lack in-house security resources and rely heavily on third-party service providers. This is prompting insurers to examine how vendor relationships, cloud reliance, and concentration risk affect both individual insureds and portfolios. Thomas Lillelund, CEO of Allianz Commercial, said businesses continue to face “interconnected and highly complex risks in 2026’s fast-changing environment,” with cyber and AI shaping the risk landscape alongside more established exposures.
