One in two respondents in Asia lack confidence in their organisation’s cyber risk management amid rising AI-driven threats—lowest globally. Here’s why and what to do about it.

Marsh’s Cyber Buyer Study finds that only 50% of Asia-based organisations are confident in their cyber risk management and mitigation initiatives, the lowest of any region globally and well below the 72% worldwide average. 

One in three respondents identify ransomware and data breaches as the top cyber risk concerns.

Asia’s top cyber risk concerns, according to Marsh’s Cyber Buyer Study: 

• Ransomware remains the most prevalent cyber risk in the region, with 33% of respondents reporting it as their top threat. 
• Close behind are data breaches involving the loss of non-personal private information (29%), and privacy breaches involving theft or leakage of personal data (28%), both of which expose sensitive corporate and personal information. 

Government data across Asia underscores the growing frequency and severity of AI-enabled cyberattacks, leading to business interruption, financial losses, and reputational damage. 

• The Cybersecurity Agency of Singapore reported a 21% increase in ransomware incidents in 2024, driven by criminals leveraging AI to automate and enhance attack methods.
• Korea’s Ministry of Science and ICT reported that cybersecurity breaches increased by 26% in 2025 compared to the prior year. This rise was partly due to more sophisticated hacking tactics enabled by AI-powered automation and coordinated attacks.
• Japan reported a 340% increase in sophisticated cyberattacks targeting government systems and critical infrastructure since 2023, making it one of the most-impacted markets in Asia for ransomware attacks.

Nine in 10 businesses in Asia and Pacific expect a rise in AI-driven social engineering attacks, deepfakes, and fraud. 

AI-driven fraud and deepfakes represent rapidly escalating threats. Nearly 90% of businesses in Asia and Pacific expect social engineering crimes to increase as advances in AI make fraud more sophisticated, lowering the barriers for criminals to manipulate employees at scale and breaking established controls and assumptions between businesses and their financial institutions. This is leading to financial loss, with 64% of organisations citing financial loss as their primary concern.

Technology advancements outpacing defences, compounded by people risks.

A combination of structural, technological, and human factors shapes Asia’s cyber risk landscape, challenging organisations’ confidence in keeping pace. Marsh’s Cyber Buyer Study highlights the key forces contributing to elevated exposure:

1. One in five respondents report struggling to keep up with emerging cyber threats.

Technology, including AI, is evolving at breakneck speed, outstripping many organisations’ ability to respond effectively. One in five respondents report that they are struggling to keep up with emerging cyber risks, resulting in a widening gap between threats and defences.  

2. Human error and low cyber literacy remain major vulnerabilities.

Close to 95% of cybersecurity breaches globally stem from human error.  According to Marsh data, insufficient cyber threat literacy is the top people risk for organisations in 2026, followed closely by mishandling of data and intellectual property (IP). 

3. Asia-Pacific’s 2.6M cybersecurity talent shortfall widens cyber risk resilience confidence gap.

Marsh data shows that technology skills shortage is a top five people risk in Asia. Although 67% of Asia organisations plan to invest in cybersecurity talent, Asia-Pacific faces the world’s largest cybersecurity talent gap, with an estimated 2.6 million unfilled roles. This shortage slows incident response, widens security vulnerabilities, and impedes organisations’ ability to develop mature, integrated cyber risk management and mitigation programs.

Cybersecurity measures falling short: Asia faces over 30% of global cyberattacks as cyber claims notifications rise. 

Asia faces over one-third of global cyber and social engineering attacks, prompting organisations to prioritise cybersecurity measures and incident readiness, but overlook cyber risk transfer, according to the Marsh Cyber Buyer Study.

• Cybersecurity technologies and solutions make up the largest portion of budgets (21%), covering threat detection, network protection, endpoint security, and continuous monitoring.
• Cyber incident response and breach management account for 20.6% of budgets, highlighting the critical need for timely and effective response to attacks.
• Despite focused investments, cyber claims notifications in Asia surged 50% from 2022 to 2024. Yet cyber and commercial crime insurance accounts for only 15.6% of budgets – the second-lowest priority in Asia organisations’ cyber risk management budgets.

Close the cyber resilience confidence gap by integrating cyber and commercial crime insurance with cybersecurity and incident readiness.

Strengthening cyber resilience requires a holistic approach that integrates cyber risk management and risk transfer. As AI-driven cyber threats escalate, organisations must focus on prevention, detection, response, and recovery.  Risk transfer through cyber insurance plays a critical role as a backstop against financial losses resulting from cyber and social engineering attacks, including costs related to data recovery, breach investigations, regulatory penalties and business interruption. 

With the insurance market currently favouring buyers with strong risk profiles, there has never been a better time for Asia organisations to adopt a holistic approach to enhance cyber resilience confidence. This approach encompasses understanding, measuring, managing, and responding to AI-driven cyberattacks, social engineering attacks, and people risks to enhance organisational resilience. 

Not sure where to start in mitigating AI-driven risks? Contact us today to elevate your cyber resilience strategies.