The threat landscape that should be keeping US cyber underwriters up at night

INTERPOL has just published its most detailed account yet of cybercrime across Asia and the Pacific - the region that produces the criminal infrastructure behind attacks on American businesses

By Matthew Sellers

The INTERPOL Asia and South Pacific Cyber Threat Assessment 2025/2026, published this week by INTERPOL's dedicated cybercrime desk in Singapore, is not a document produced for the insurance industry. It is a law enforcement intelligence assessment. Yet that is precisely why US cyber underwriters should read it - because it describes the threat environment that underpins a growing share of the claims hitting American portfolios, from a source with no financial stake in how the market prices the risk.

The headline figures are substantial. Transnational organized crime groups operating scam centers across Cambodia, Laos, Myanmar and the Philippines are generating close to $40 billion annually according to UNODC estimates cited in the report - operations that in some cases involve trafficked labor and that deploy the same AI-generated deepfakes and social engineering techniques showing up in US business email compromise claims. The region recorded more than 135,000 ransomware-related attacks in 2024. Deepfake-related discussions on criminal forums frequented by Southeast Asian threat actors surged 600% in just five months. DDoS attacks climbed 92%.

None of this stays in Asia. Aon recorded a 38% jump in cyber and technology errors-and-omissions incidents in the US in 2025, with the average global ransomware claim reaching approximately $713,000 - nearly double the $374,000 recorded in 2024. The criminal infrastructure INTERPOL documents in Southeast Asia and the infostealer families it identifies - RedLine, LummaC2, Loki - are the upstream supply chain for credential harvesting that feeds downstream attacks on US organizations.

Data analysis

Asia-Pacific cyber threats: volume vs insurance severity

Each bubble is one of the top five cybercrime types ranked by INTERPOL across 18 member countries. Horizontal: case volume. Vertical: insurance claims severity. Bubble size: pace of escalation.

Ransomware: high volume, very high severity. Online scams: very high volume, high severity. Banking trojans: high volume, moderate severity. BEC: moderate volume, high severity. Deepfakes: lower volume, escalating severity.

Ransomware avg claim: $508,000 (+16% YoY · At-Bay 2025)
Scam centre losses: ~$40bn/yr (UNODC est · INTERPOL)
Social engineering claims: +233% (YoY · Aon APAC 2025)
Deepfake forum activity: +600% (Feb–Jun 2024 · INTERPOL)

Sources: INTERPOL Asia and South Pacific Cyber Threat Assessment 2025/2026; Willis Cyber Claims in Focus 2026; DUAL Global Cyber Outlook April 2026; At-Bay 2025 Cyber Claims Report; Aon APAC Cyber Risk Report 2025; UNODC TOC Convergence Report 2024. Axis positions are indicative indices.

The named threat actors are already in American networks

INTERPOL's report identifies the most active malware families in the region following Operation Secure, its February 2025 joint operation involving 26 countries. LummaC2, described as the world's largest infostealer and available as a malware-as-a-service product since 2022, was the subject of a joint disruption effort by Europol, Microsoft, and Japan's Cybercrime Control Centre in May 2025. Europol confirmed the takedown of the infostealer's infrastructure - a significant intervention, but one that addresses a specific operator rather than the ecosystem from which it emerged.

Gallagher's 2026 Cyber Insurance Market Outlook identifies North Korean remote IT workers infiltrating US companies, criminal organization Scattered Spider, and China-linked Salt Typhoon as threat actors of concern - all with documented operational links to the Asia-Pacific infrastructure INTERPOL describes. Supply chain attacks targeting SaaS vendors and cloud providers, which Gallagher found account for 30% of reported AI-related security incidents, are being seeded from the same regional base.

The deepfake threat has crossed from anecdote to claims data

In February 2024, an employee at a multinational in Hong Kong was tricked into transferring $25 million after deepfakes impersonated executives on a video call. In March 2025, a finance director in Singapore nearly lost over $499,000 in an almost identical Zoom-based attack. INTERPOL frames these not as isolated incidents but as representative of a pattern that is industrializing across the region.

UNESCO has flagged deepfake-driven fraud as a major threat in 2026, with 37% of fraud experts having already encountered voice deepfakes and 29% video deepfakes. For US underwriters, the policy wording question is immediate: social engineering coverage, BEC sublimits, and funds transfer fraud language were written before real-time AI impersonation was operationally viable at scale. The events INTERPOL documents are claims scenarios, not hypotheticals.

The pricing tension

Data analysis

The threat-premium divergence: Asia-Pacific, 2022–2026

Four threat indicators indexed to 100 at 2022 (left axis, rising = worsening). International cyber insurance rates indexed to 100 at Q4 2023 (right axis, falling = softening market). The growing gap represents the pricing tension facing London market underwriters.

Ransomware index: 100 (2022) to 215 (2024). DDoS index: 100 (2022) to 227 (2024). UK cyber claims index: 100 (2023) to 330 (2024). Avg ransomware claim index: 100 (2022) to 144 (2025). Cyber insurance rate index: 100 (Q4 2023) to 57 (2026 projected).

The pricing gap: International cyber insurance rates have fallen 43% since Q4 2023 (DUAL, April 2026), while UK cyber claims hit £197m in 2024 — a 230% year-on-year increase (ABI). S&P Global Ratings has forecast a 15–20% premium increase in 2026 as claims severity catches up.

Sources: INTERPOL Asia and South Pacific Cyber Threat Assessment 2025/2026; ABI (UK claims £197m in 2024, +230% vs 2023 — UK series indexed from 2023=100); DUAL Global Cyber Outlook April 2026 (−43% from Q4 2023); At-Bay 2025 Cyber Claims Report (+16% to $508k); S&P Global Ratings 2026. Ransomware and DDoS indices are directional, derived from INTERPOL-cited growth rates applied to index base. 2026 figures indicative only.

The US market is experiencing essentially flat pricing in 2026 following a three-year softening cycle. Coalition's 2026 Cyber Claims Report found that initial ransom demands surged 47% year-on-year in 2025, yet a record 86% of businesses refused to pay - an improving picture on payment rates that can obscure deteriorating severity. A single ransomware event in the Willis claims dataset surpassed $500 million in losses. The INTERPOL report documents the threat infrastructure generating those events. The question for US underwriters is whether flat pricing in a softening market adequately reflects a threat environment that INTERPOL's own data shows accelerating on every measurable dimension.
