Businesses across Asia are placing greater scrutiny on cyber insurance limits and risk transfer strategies as ransomware attacks grow more costly and cyber threats become increasingly complex, according to Willis.
The broker said companies in the region are seeking more detailed cyber risk quantification and incorporating cyber insurance more closely into incident response planning as digitalisation, automation and interconnected technology ecosystems expand.
The comments accompanied Willis’ latest Cyber Claims in Focus 2026 report, which analysed 5,500 cyber claims from January 2013 to January 2026 across 95 countries, representing approximately US$1bn in insurer payments.
Conor Keating, head of cyber in Asia at Willis, said cyber risks across the region were becoming more complex as organisations increased their reliance on digital and interconnected technology environments.
While artificial intelligence has not yet emerged as a standalone driver of cyber insurance claims, it is already amplifying existing threats including social engineering, deepfake-enabled phishing and ransomware attacks, he said.
Keating said insurance limit adequacy was coming under increasing scrutiny in Asia as ransomware losses continue to rise, with more organisations seeking cyber risk quantification analysis to guide insurance purchasing decisions and strengthen their cyber risk transfer strategies.
Average ransomware incident lasts 25 days
Cyber insurance covered more than 95% of average data breach losses and 90% of average first-party losses, despite rising ransomware severity and growing exposure to third-party vendor incidents, according to the report.
Data breaches remained the most frequently reported cyber insurance loss, with malicious breaches accounting for the majority of incidents. However, ransomware generated the highest financial losses, largely driven by business disruption and extended downtime following attacks.
According to the report, the average ransomware incident lasted 25 days and resulted in losses of US$5.3m, while the largest individual loss exceeded US$500m. Average ransom demands reached US$3.8m, although average payments were significantly lower at US$1.5m.
Willis also found that attacks directly targeting organisations accounted for 58% of ransomware notifications but generated 95% of total ransomware-related costs. Vendor-led incidents represented 42% of notifications but only 5% of costs.
Third-party risk continued to emerge as a significant driver of cyber losses. External vendors were responsible for nearly 50% of data breach losses and 29% of first-party losses. Among third parties linked to breach events, half operated in the IT, technology or telecommunications sectors, while 17% were financial institutions and 11% were administrative service providers.
The report also highlighted growing litigation exposure linked to website tracking technologies, describing pixel-tracking lawsuits as an emerging source of substantial losses across the cyber insurance market.
Healthcare organisations accounted for 20% of all cyber policy notifications in the dataset, followed by financial institutions at 16% and manufacturing companies at 13%, according to Willis.
The report found that financial institutions face some of the largest cyber losses, with an average loss of US$6.9m — more than double the average across other sectors. Regulatory costs, settlements and credit-monitoring obligations accounted for almost 70% of losses in the sector.
