Aon: AI-Driven Cyber Attacks Surge Across APAC in 2025

Aon plc, a leading global professional services firm, has released the Asia Pacific (APAC) findings from its 2025 Cyber Risk Report. The report underscores the increasing complexity of artificial intelligence (AI) driven cyber attacks and the prevalence of geopolitical tensions on cyber risks in the region.

This report is based on Cyber Quotient Evaluation (CyQu) scores from 3,226 Aon clients in 2024 across APAC, EMEA, LATAM and North America, which analysed more than 1,400 global cyber events to identify trends in the evolving cyber threat landscape. The CyQu database benchmarks over 10,000 clients and has 20,000 client users.

The report signals that APAC is experiencing significant growth in cyber claims notifications, driven by the rising frequency and sophistication of cyber incidents. Geopolitical forces, such as trade tensions, territorial disputes and reconfigurations of the global supply chain, are shaping how APAC companies manage cyber risk.

“In 2025, global and regional geostrategic tensions remain a key driver of cyber risk for companies in APAC. This trend is likely to accelerate with nation-state-backed threat actors continuing to employ cyber campaigns to facilitate conflicts or instigate grey-zone operations for the purposes of economic coercion, corporate espionage, or to harm regional rivals by targeting strategically important economic infrastructure,” said Adam Peckman, head of risk consulting and cyber solutions in APAC and global head of cyber risk consulting at Aon. “As cyber threats grow more complex and interconnected, companies need a clearer view of their exposure, stronger alignment between cyber security and insurance strategies, and the tools to make better, data-driven decisions,” added Peckman

Key Findings:

• In APAC, cyber incident frequency rose 29 percent year-over-year and up 134 percent over the past four years (2020-2024).
• There was a 22 percent rise in cyber insurance claims notifications in 2024.
• The rise in AI-driven deepfake attacks resulted in a 53 percent increase in social engineering incidents year-over-year. Claims involving social engineering and fraud increased by 233 percent.
• Of the 1,414 global cyber events analysed, 56 developed into reputation risk events, which are defined as cyber incidents that attract significant public attention. Companies affected by these reputation risk events experienced an average shareholder value decline of 27 percent.

Trends In India as seen by Aon:

• Threat actors are introducing malicious files into enterprise systems, establishing connections to malicious IP addresses, facilitating unauthorized remote access and control.
• Threat actors are leveraging stolen data to demand ransom and are threatening to publish sensitive information on the dark web if their demands are not met.
• Access keys stored on corporate-issued devices are being exploited to breach virtual servers hosted in cloud environments, underscoring the importance of secure credential management.
• Once inside a network, attackers are navigating between production and non-production environments, increasing the scope and impact of their intrusion.
• Cyber insurers in India are increasingly requiring businesses to demonstrate a baseline of cybersecurity measures to qualify for coverage or to secure lower premiums and comprehensive coverages.
• Underwriting has shifted from basic checklists to in-depth security architecture reviews. However, insurers are now willing to accept security roadmaps (versus full compliance upfront), encouraging control implementation over time.

Prasanna Kumar, head of cyber solutions for India at Aon, said, “We are witnessing India adopt AI at a rapid pace, which brings a host of new risks. Data poisoning attacks can compromise the integrity of critical AI systems and deepfake technology is now being used to craft convincing malicious content — making social engineering attacks more sophisticated than ever.”

While AI has certainly introduced more complexity to the cyber attacks Indian businesses face, it has also enhanced their ability to detect and respond to threats.

“In response to the evolving challenges, businesses must take significant steps to strengthen controls within the organisation. Regular audits, comprehensive employee training programs and advanced threat monitoring systems must become an integral part of businesses’ security posture,” Kumar added. 

Aon’s 2025 Cyber Risk Report draws on proprietary data from the firm’s CyQu platform, a patented global e-submission tool that streamlines the cyber insurance intake process and empowers organisations with actionable insights into their cyber exposures and insurability, helping to strengthen both underwriting outcomes and cyber risk management strategies.