The INTERPOL Asia and South Pacific Cyber Threat Assessment 2025/2026 has just been released, covering January 2024 to March 2025. It is a law enforcement intelligence product, not an insurance market analysis, which actually makes it a more useful document for Australian underwriters than most of what lands on their desks. INTERPOL has no pricing agenda. It is simply reporting what 18 member countries told it about the cybercrime environment they are operating in - and Australia is among those countries.
The assessment documents a region recording more than 135,000 ransomware attacks in 2024, with deepfake-related discussions on criminal forums surging 600% in five months, DDoS attacks climbing 92%, and scam centre operations generating close to $40 billion annually. More than half of member countries reported cybercrime accounting for over 30% of all nationally recorded crime. System intrusions caused approximately 80% of all regional data breaches, with malware present in 83% of cases and ransomware in 51%.
Australia is not a peripheral market in this picture. QBE's Q1 2026 data found that the time between an attacker gaining initial access and deploying ransomware has fallen 70% since 2021 - from roughly 100 minutes to around 30. In some incidents, thousands of devices within a single organisation were encrypted in under 10 minutes. That pace is consistent with the industrialised, AI-accelerated attack model INTERPOL documents across the region.
Data analysis
Figure: bubble chart of the top five cybercrime types ranked by INTERPOL across 18 member countries. Horizontal axis: case volume. Vertical axis: insurance claims severity. Bubble size: pace of escalation.
Ransomware avg claim: $508,000 (+16% YoY; At-Bay 2025)
Scam centre losses: ~$40bn/yr (UNODC est.; INTERPOL)
Deepfake forum activity: +600% (Feb–Jun 2024; INTERPOL)
Sources: INTERPOL Asia and South Pacific Cyber Threat Assessment 2025/2026; Willis Cyber Claims in Focus 2026; DUAL Global Cyber Outlook April 2026; At-Bay 2025 Cyber Claims Report; Aon APAC Cyber Risk Report 2025; UNODC TOC Convergence Report 2024. Axis positions are indicative indices.
In February 2024, a Hong Kong employee transferred $25 million after deepfakes were used to impersonate executives on a video call. In March 2025, a Singapore finance director nearly lost over $499,000 in a near-identical Zoom-based attack. INTERPOL's report frames these as representative of an accelerating pattern, not isolated incidents.
Australian insurers are already being asked whether existing policy language adequately addresses AI-driven threats, including deepfake CEO impersonations. Cyber risk specialists note that traditional actuarial methods relying on historical claims data are increasingly inadequate for pricing threats that did not exist at meaningful scale when most policy wordings were drafted. The INTERPOL report adds law enforcement weight to what insurers have been hearing from the incident response community.
Among INTERPOL's emerging threat findings, one is directly relevant to Australian brokers advising clients on ransomware response. Threat actors are now threatening to report alleged regulatory compliance violations to regulators unless ransoms are paid - a second coercion vector that operates independently of whether the insured has usable backups.
Australia's Cyber Security Act 2024 introduced mandatory ransomware payment reporting from May 2025 for businesses with annual revenue above $3 million. Any payment to a threat actor triggers disclosure obligations to the Australian Signals Directorate within 72 hours - creating precisely the regulatory framework that INTERPOL identifies as a new lever for extortion. Brokers advising clients on ransom response need to ensure the regulatory dimension is as central to incident response plans as the technical recovery dimension.
The Australian cyber insurance market remains stable overall with ample capacity and competitive pricing, according to Gallagher's analysis. That stability exists despite a threat environment that INTERPOL has now formally characterised as one of the most acute in the world. The INTERPOL report covers the period to March 2025. The threat landscape heading into 2026 is structurally more dangerous: more organised, more AI-enabled, and - as INTERPOL's report documents - more industrialised than the environment that underpins current pricing.