Relatively few organizations in the Asia-Pacific (APAC) region utilize cyber insurance, but that trend may be slowly shifting. Cyber insurance has become increasingly popular as ransomware attacks continue to pose a significant threat, offering financial protection against losses incurred from cyberattacks, potentially including ransom payments. **UIB**, an insurance broker, and **CyberCube**, a cyber-risk analytics vendor, recently released a report titled "Unlocking Asia’s Cyber Insurance Opportunity: The Broker's Role in Growth," detailing the current state of cyber insurance in Asia. Despite the region's vast population and numerous organizations, market penetration remains low, even in developed economies such as Japan, South Korea, Hong Kong, and Singapore. In these economies, the report indicates that "larger entities with multi-billion-dollar revenues often purchase only modest cyber limits relative to their exposures." Furthermore, in many markets, less than 5% of small businesses opt for standalone cyber insurance. **Aon** reported last year that cyber insurance had reached only about 6% of Asia's addressable market. ## Why Cyber Insurance Adoption Lags in Asia The report by **UIB** and **CyberCube** identifies several factors contributing to the slow adoption of cyber insurance in Asia: varying cybersecurity postures, recent rapid digitalization, and a concurrent increase in the threat landscape. As threat actors become more sophisticated and demand higher ransoms, underwriting requirements for security measures have become stricter. However, the report notes that this isn't consistent across the board. "In a soft market, with cyber (re)insurers navigating a world of rising, increasingly complex threats, the underpenetration of the APAC market presents an opportunity. Growing competition has pushed cyber globally into its third consecutive year of rate reductions, as insurance supply continues to outpace demand," the report states. "This dynamic is offsetting recent exposure growth due to negative rate changes, and driving further concessions on premiums, coverage and security controls." Alongside this potential for growth, **UIB** and **CyberCube** emphasize the escalating threat landscape, citing high-profile cyber incidents targeting major Asian organizations. The **Bank of China's** Singapore branch was hit by a ransomware attack in April 2025. Similarly, Japanese beermaker **Asahi** suffered an attack by the **Qilin** ransomware group in September of that year, leading to production shutdowns. Cyber consultancy **S-RM** published research in January noting a sharp increase in ransomware attacks across Asia, with a doubling of organizations named on ransomware leak sites compared to the previous year. **Qilin** was the most active group targeting organizations in Asia last year, though **Cyble** observed that The Gentlemen accounted for nearly one in four ransomware attacks in Q1 2026. **Cyble's** Q1 2026 APAC report also highlighted a significant surge in ransomware targeting India, with a 165% increase in incidents between Q1 2025 and Q1 2026. Similar to Latin America (LATAM) and the Middle East and Africa (MEA) regions, Asian security postures are inconsistent across organizations and countries, further complicated by rapid digital expansion. Vietnam, for example, has experienced massive digital growth and has become a rapidly growing target for ransomware attacks. On a positive note, **Aon's** report did observe an overall improvement in cyber maturity among APAC organizations. **Rich Seiersen**, chief risk technology officer at **Qualys**, notes that any rapidly digitizing market with an expanding attack surface will attract both opportunistic cybercrime and state-sponsored activity. "As economies become more connected, cloud-enabled, mobile-first, and operationally dependent on digital systems, they naturally become more attractive targets."