04-08-2025
AI-driven cyber attacks surge as APAC risk leaders feel unprepared
A new study has found that the majority of risk leaders feel ill-equipped to address the rising rates of artificial intelligence (AI)-driven cyber attacks across the Asia-Pacific (APAC) region.
The 2025 Cyber Risk Report by Aon highlights a 29 percent increase in cyber incident frequency in APAC over the past year and a 134 percent rise over the last four years. The report draws attention to the surge in sophisticated threats, including AI-powered deception, social engineering, and deepfake attacks, leading to a 233 percent year-on-year increase in fraud-related cyber insurance claims.
Geographical isolation is no longer seen as a protective factor for New Zealand organisations, as cyber threats now originate from a global landscape. Over the last 18 months, local entities have experienced disruptions linked to technology failures overseas, with consequences including business interruption and data loss. The increasing dependency on interconnected digital systems is cited as contributing to this heightened exposure.
Systemic disruption
The report describes the relationship between technological innovation and risk as a "Faustian pact," emphasising that greater efficiency is matched by increased vulnerability to external events. It notes that 63 percent of suspected nation-state cyber operations worldwide in the past year originated in APAC, often targeting critical infrastructure and key industries. Of the 1,414 global cyber events analysed, 56 incidents attracted significant media attention and led to average shareholder value losses of 27 percent for affected companies.
Preparedness and risk management
A growing gap has emerged between the adoption of AI tools and preparedness to manage associated risks. Ninety-eight percent of surveyed risk leaders said they do not feel fully prepared to oversee AI risks. Despite 79 percent of organisations using or planning to use AI, only 32 percent have a formal inventory of these tools. This disparity, according to the report, expands the digital attack surface faster than risk management strategies can keep pace.
The report states that organisations are improving their response to incidents, with the percentage of entities paying ransoms dropping to 25 percent in 2024, and the median ransom payment at USD $110,890 in the fourth quarter of that year. This trend is seen as a sign of better disaster recovery and incident response planning.
Implications for New Zealand
Cyber insurance market conditions for New Zealand businesses have shifted, with rates decreasing by roughly seven percent in the first quarter of 2025 following a prolonged period of increases. More organisations are reportedly reviewing whether to take out or expand cyber insurance to meet the scale of emerging risks. "New Zealand businesses are getting more mature in how they approach cyber risk - but the old belief that we're somehow safer because of our isolation no longer holds," said Duncan Morrison, Cyber Practise Leader in New Zealand for Aon.
Morrison added, "Disruptions to global software vendors and tech supply chains have already hit local organisations hard. As we adopt more advanced tools like AI and real-time data systems, the interconnectivity that powers progress also increases our exposure."
He emphasised that competitive pricing is not the only driver for reviewing cyber insurance needs. "Aon is seeing more New Zealand organisations reassess their cyber insurance needs - not just because pricing is more competitive, but because the risk is now tangible," Morrison said.
Morrison noted key indicators of the changing risk landscape, stating, "The rise in AI-driven attacks, the growth in fraud claims and the sharp drop in ransom payments all point to two things: the threat is real, and smart preparation works."
Geostrategic drivers
According to Adam Peckman, Head of Risk Consulting and Cyber Solutions for APAC and Global Head of Cyber Risk Consulting at Aon, regional tensions are a major factor in the growing cyber risk landscape. Peckman stated, "Nation-state-backed threat actors are increasingly using cyber campaigns for asymmetrical conflict, economic coercion, or corporate espionage. Businesses need the tools to make better, data-driven cyber decisions."
Morrison also urged businesses to be proactive: "The good news is that businesses don't have to face these challenges alone. There are practical steps they can take today: from exploring cyber insurance options to using better data analytics for risk assessment and ensuring AI investments are properly protected. The key is to take action now."
