Cyber claims in Asia surge 50%: Strengthen cyber resilience with this framework

Cyber claims in Asia rose nearly 50% from 2022 to 2024 — according to Marsh Asia data — reflecting the growing frequency and sophistication of cyberattacks. And as organisations digitise, they face escalating financial, operational, and reputational risks. In 2024 alone, cyber incidents increased 13% year-on-year in the region, with several high-profile cases illustrating their costly impact:

• A South Korean telecommunications firm was fined US$96 million after a leak exposed data of 27 million users. 
• A major airport in Malaysia suffered a ransomware attack with hackers demanding US$10 million in ransom. 

Ransomware and data breaches remain the most common types of incidents, often involving the loss of confidential data and business interruption. For businesses operating across multiple markets, a data breach often requires swift compliance with differing local regulations. This not only increases pressure on the business but can also amplify the impact of the breach.

Is your cyber resilience keeping pace with increasing threats?

Cyber risk is complex but managing it doesn’t have to be.  Businesses can adopt an Understand–Measure–Manage-Respond framework for a clear, structured approach to strengthening cyber risk posture.

Understand your current defences and implement controls 

As the only diagnostic recognised by all insurers, our Cyber Self-Assessment tool streamlines and accelerates the placement process and is available in multiple Asian languages. Benchmark your organisation’s cyber maturity against industry peers across 12 key controls, identify areas for improvement, and strengthen insurability with our tool. The Cyber Self-Assessment provides reports that are understandable and relevant to technical and non-technical stakeholders within the organisation, facilitating a broader conversation on cyber resilience. 

Measure risks to inform cybersecurity investments

Evaluate your coverage, identify gaps, and estimate the total cost of risk with Marsh’s Cyber Risk Quantification, our proprietary quantification process with insurance perspectives in mind. We provide multiple options which range from user-friendly and easily accessible digital tools to in-depth consultancy to study your organisation’s unique risk profile. The process helps you understand potential financial impact and informs your insurance and risk transfer strategies by combining expert advice on forensic accounting, claims, and actuarial analytics. This can help you deduce loss estimates based on your organisation’s vulnerabilities and attack surface, and creates realistic loss scenarios. 

Manage your risk with the right mix of solutions

• Cyber insurance to respond to large-scale breaches, business interruption, system failures, ransomware, and associated costs, including legal, forensics, breach notification, and many other perils.
• Technology errors & omission insurance for companies developing and distributing technology products and services. This protects you from liability when those products do not function as intended, such as leading to a cybersecurity event.
• Commercial crime insurance to protect against physical theft, forgery, and fraudulent fund transfers, such as those resulting from social engineering attacks.  

Respond effectively to cyber incidents when they happen

Even for the most sophisticated organisations, cyber incidents are impossible to fully prevent due to the constantly evolving nature of the risk. The best security postures in the world can be rendered ineffective by a single zero-day vulnerability. Cyber incidents extend beyond malicious attacks and include errors and reliability issues, such as the CrowdStrike software update outage. Test and refine your incident response plan with Marsh’s Cyber Crisis Simulation Exercise. Featuring scenario-based drills tailored to your industry, maturity level, and operational requirements, the workshop ensures board-level directors and senior managers can respond effectively as well as prepare for insurer engagement and claims management during a live incident.

A real-world example of cyber resilience in action

A multinational hotel group in Asia experienced a phishing attack that compromised its email systems. Fraudsters impersonated both a vendor and an employee, tricking the finance team into transferring over US$1 million. 

Because the organisation had both cyber and commercial crime insurance in place, it recovered quickly. The cyber policy covered IT forensics and investigation costs linked to the data and privacy breach. In addition, the commercial crime policy covered the monetary theft.

Without this dual protection, the outcome would have been far more damaging to the company’s finances and reputation.