The INTERPOL Asia and South Pacific Cyber Threat Assessment 2025/2026 is a law enforcement document, not an insurance market report. That distinction matters. INTERPOL has no interest in how the findings affect pricing or capacity decisions. It is simply documenting what its 18 member countries reported experiencing between January 2024 and March 2025 - and the picture it produces has direct relevance for every Canadian broker and underwriter working on cyber placements.
The core figures: more than 135,000 ransomware attacks across the region in 2024; deepfake-related discussions on criminal forums surging 600% in five months; DDoS attacks up 92%; scam centre operations generating close to $40 billion annually. More than half of the surveyed member countries reported cybercrime accounting for over 30% of all nationally recorded crime. These are not emerging risks. They are the operational present of a criminal infrastructure that does not respect regional boundaries.
Canada's exposure to that infrastructure is documented in its own data. Canada accounted for nearly 7% of major global cyber incidents over the past two years, according to QBE, while the average cost of resolving a data breach in Canada reached CA$6.98 million in 2025, according to IBM. The Canadian Centre for Cyber Security has projected ransomware will remain the leading threat to critical infrastructure through 2026. The malware families INTERPOL identifies as most active in Asia-Pacific - RedLine, LummaC2, Loki - are the same families showing up in Canadian incident response investigations.
Data analysis
Each bubble is one of the top five cybercrime types ranked by INTERPOL across 18 member countries. Horizontal: case volume. Vertical: insurance claims severity. Bubble size: pace of escalation. Hover for detail.
Ransomware avg claim
$508,000
+16% YoY · At-Bay 2025
Scam centre losses
~$40bn/yr
UNODC est · INTERPOL
Deepfake forum activity
+600%
Feb–Jun 2024 · INTERPOL
Sources: INTERPOL Asia and South Pacific Cyber Threat Assessment 2025/2026; Willis Cyber Claims in Focus 2026; DUAL Global Cyber Outlook April 2026; At-Bay 2025 Cyber Claims Report; Aon APAC Cyber Risk Report 2025; UNODC TOC Convergence Report 2024. Axis positions are indicative indices.
In February 2024, a Hong Kong employee transferred $25 million after deepfakes impersonated company executives on a video call. In March 2025, a Singapore finance director nearly lost over $499,000 in a near-identical Zoom-based attack. INTERPOL characterises these not as isolated events but as representative of a pattern accelerating across the region.
QBE found that deepfakes were implicated in nearly 10% of successful cyberattacks in 2024, with losses ranging from US$250,000 to US$20 million per case. The criminal infrastructure producing those tools is precisely what INTERPOL has documented. For Canadian brokers, the policy wording implications are immediate: social engineering sublimits, BEC coverage, and funds transfer fraud language were mostly written before real-time AI video impersonation was operationally viable at scale. That gap has closed.
Among the emerging tactics INTERPOL flags, one has a specific Canadian dimension. Ransomware groups are now explicitly threatening to report alleged regulatory compliance violations to authorities unless ransoms are paid - a second layer of coercion that operates regardless of whether the insured has working backups. Bill C-8, Canada's critical infrastructure cybersecurity legislation reintroduced in June 2025, creates exactly the kind of regulatory compliance framework that threat actors are now exploiting as leverage. Brokers advising clients on ransomware response should ensure that incident response plans address the regulatory disclosure dimension as specifically as the technical recovery dimension.
Coalition's 2026 Cyber Claims Report found that initial ransom demands surged 47% year-on-year in 2025, while 86% of targeted businesses refused to pay - an improving payment rate that masks deteriorating severity. Only approximately 12% of Canadian small businesses carry standalone cyber insurance, according to Insurance Bureau of Canada estimates. The threat environment INTERPOL documents is expanding. The protection gap it is expanding into, in Canada as across the region, remains wide.
