Aon’s 2025 Cyber Risk Report has identified a 29% rise in cyber incidents across Asia-Pacific in the past year, with AI-enabled threats leading the surge.
The report details significant increases in fraud-related attacks and nation-state cyber activity, based on over 1,400 global incidents.
Cyber Threat Escalation Prompts Call to Action for NZ Businesses
Cyber incidents in Asia-Pacific climbed 29% in the last year and 134% over four years, according to findings from Aon.
“The rise in AI-driven attacks, the growth in fraud claims and the sharp drop in ransom payments all point to two things: the threat is real, and smart preparation works,” said Duncan Morrison, cyber practice leader in New Zealand for Aon.
Social engineering, deepfake technology and third-party software risks feature prominently in the analysis. New Zealand is identified as increasingly vulnerable despite its geographic remoteness.
AI-Powered Fraud and State-Based Operations Accelerate
Aon’s data reveals a 233% year-on-year increase in fraud-related cyber insurance claims, with a meteoric rise in social engineering and AI deception tactics. Suspected nation-state operations now account for 63% of global activity, with APAC at the centre. The fraud campaigns often target infrastructure and critical industries, resulting in reputational and financial damage.
Geographic Isolation No Longer Shields NZ Enterprises
The idea that New Zealand’s geographical isolation offers protection is now outdated. Local organisations have suffered direct consequences from global software outages and supply chain breakdowns in the past 18 months. “New Zealand businesses are getting more mature in how they approach cyber risk — but the old belief that we’re somehow safer because of our isolation no longer holds,” said Morrison.
“Disruptions to global software vendors and tech supply chains have already hit local organisations hard. As we adopt more advanced tools like AI and real-time data systems, the interconnectivity that powers progress also increases our exposure.” He added.
Morrison urges companies to act now: “There are practical steps they can take today: from exploring cyber insurance options to using better data analytics for risk assessment and ensuring AI investments are properly protected. The key is to take action now.”
Cyber Incidents Linked to Decline in Shareholder Value
Out of 1,414 incidents analysed, 56 escalated into high-profile events. Firms impacted saw their shareholder value drop by an average of 27%, showcasing the real-world financial risks associated with insufficient cyber preparedness.
Business Readiness Lags Behind AI Integration
Most organisations remain unprepared to manage its risks despite rapid adoption of AI. While 79% of businesses surveyed are already using or planning to use AI tools, just 32% have formal inventories in place.
“This rush to integrate AI — without addressing security, legal or risk implications — is expanding the digital attack surface faster than most companies can manage,” the report states.
Ransomware Recovery Improves while Insurance Market Softens
Only 25% of organisations paid ransom in 2024, with the median payment dropping to USD $110,890. Insurance markets are also softening, with rates down 7% in Q1 2025.
“Nation-state-backed threat actors are increasingly using cyber campaigns for asymmetrical conflict, economic coercion, or corporate espionage,” said Adam Peckman, head of cyber risk consulting for Aon in APAC. “Businesses need the tools to make better, data-driven cyber decisions.”