Media concept smart TV

Insights

Transparency Matters: Why Asia Needs Stronger Cyber Duty to Inform Legislation

Transparency Matters: Why Asia Needs Stronger Cyber Duty to Inform Legislation

By Pavlos Spyropoulos , Regional Managing Director Asia Pacific

Tuesday, July 14, 2026

With two decades of operating in Asia, Tokio Marine Kiln has witnessed first-hand how rapidly cyber risk has outpaced the region’s frameworks designed to govern it. Attacks are rising in frequency and sophistication, yet disclosure requirements across the region remain inconsistent and fragmented. As a result, insurers and organisations are often forced to operate without a full picture of the true risk environment - an increasingly unsustainable position as digitalisation sweeps across Asia.

In this environment, stronger cyber duty‑to‑inform legislation is no longer optional; it is essential.

A fast-escalating risk with limited visibility

APAC remains one of the world’s most targeted regions for cyber incidents. According to the LastPass APAC 2025 Q1 Regional Report, the region experienced 34% of all global cyber incidents in 2024, a 13% year‑on‑year increase, while the 2025 Verizon DBIR reported that system intrusion attacks accounted for 80% of all breaches in APAC, a steep rise from 38% the previous year, with ransomware driving 51% of all breaches.

Despite this, breach reporting requirements are inconsistent, disclosure timelines vary widely, and enforcement is often limited or weak. Without timely, consistent reporting, the industry struggles to understand the true scale of systemic exposure.

The opacity is becoming more problematic as insurers without regional expertise and underwriting capability seek to write business from APAC, often relying on global data assumptions that don’t match Asia’s diverse regulatory environments or cyber behaviours. This can lead to mismatches between the coverage being offered and the realities of local risk.

Better disclosure would give the market the local insight needed for more informed underwriting decisions.

Transparency is essential for market maturity

Cyber incidents today rarely impact a single line of cover. One event can trigger business interruption, liability, IP disputes, and technology E&O simultaneously. When disclosures are inconsistent, these ripple effects remain hidden.

Lack of transparency creates four core challenges:

  • Risk modelling becomes more complex
  • Pricing adequacy suffers
  • Reinsurance appetite becomes more cautious
  • Systemic vulnerabilities remain hidden until they escalate

These issues are emerging despite APAC cyber insurance continuing to grow at double‑digit rates, one of the few global markets still doing so.

To sustain that growth, the market needs the visibility that duty‑to‑inform legislation would deliver.

Transparency strengthens readiness and resilience

A consistent theme across Asia is the long “incubation period” between organisations expressing interest in cyber insurance and actually binding a policy. Stronger disclosure rules help close that gap by driving earlier conversations around:

  • Cyber readiness
  • Incident response planning
  • Operational resilience
  • Crisis communication

This matters because cyber insurance is not simply an indemnity mechanism, it is a crisis‑response tool. The more aware organisations are of cyber risks, the faster they can strengthen operational defences and make informed decisions about protection.

Fragmented regulation remains a major barrier

APAC’s regulatory landscape varies dramatically, with each market at a different stage of cyber maturity. This patchwork creates confusion around reporting thresholds, timelines, and responsibilities, particularly for multinational businesses.

Industry analyses highlight how this fragmentation complicates underwriting and risk assessment, forcing insurers to navigate inconsistent standards across borders.

Harmonised duty‑to‑inform legislation would:

  • Improve predictability during cross‑border incidents
  • Support accurate and consistent risk assessment
  • Enable the deployment of advanced integrated cyber solutions
  • Reduce administrative burden for regional and global clients

A unified baseline would strengthen the entire ecosystem.

Incremental improvements matter more than ‘silver bullets’

Innovation in cyber insurance is often framed through the lens of technology – AI, automation, blockchain. But true progress comes from incremental improvements that reduce friction and build long-term efficiency, not from chasing a single transformative solution.

Duty‑to‑inform legislation is one of those meaningful, foundational improvements. With more consistent incident data, insurers can refine pricing, enhance advisory services, and accelerate product innovation, from cyber‑triggered property damage covers to integrated technology, media, and IP offerings.

Transparent data is the engine that powers market evolution.

However, innovation relies on visibility. Duty‑to‑inform laws help create the transparency required for:

  • Robust actuarial insights
  • More accurate pricing
  • Product development
  • Responsive claims handling
  • Enhanced risk‑advisory services

Simply put, transparency enables progress, and Asia is ready for that next step.

A stronger, safer digital Asia starts with disclosure

APAC is one of the most exciting and fast-growing regions in the world for cyber insurance. Yet growth without visibility increases risk for everyone – businesses, insurers, and society.

Stronger, clearer cyber duty-to-inform laws would:

  • Improve market stability
  • Strengthen organisational resilience
  • Enhance risk modelling and capacity deployment
  • Support innovation and sustainable growth

At TMK, our purpose is to support clients when they need us most. To do that effectively, we need regulatory environments that enable clarity and preparedness.

Now is the time for Asia to take the next step on its cyber-maturity journey, and that step begins with transparency.

TMK stands ready to support that progress.

LATEST INSIGHTS

Transparency Matters: Why Asia Needs Stronger Cyber Duty to Inform Legislation

Transparency Matters: Why Asia Needs Stronger Cyber Duty to Inform Legislation

By Pavlos Spyropoulos , Regional Managing Director Asia Pacific

14 July 2026

With two decades of operating in Asia, Tokio Marine Kiln has witnessed first-hand how rapidly cyber risk has outpaced the region’s frameworks designed to govern it. Attacks are rising in frequency and sophistication, yet disclosure requirements across the region remain inconsistent and fragmented. As a result, insurers and organisations are often forced to operate without a full picture of the true risk environment - an increasingly unsustainable position as digitalisation sweeps across Asia.

Transparency Matters: Why Asia Needs Stronger Cyber Duty to Inform Legislation

Aviation at a turning point: rethinking risk

By David Slevin, Departmental Head of Aviation

23 June 2026

Aviation has a habit of defying expectations. In my 42 years in this industry, I have watched it absorb terrorist attacks, a global financial crisis, a pandemic that grounded fleets worldwide, and repeated bouts of geopolitical turbulence. Through all of it, the industry has continued to grow at roughly 5% a year, doubling in size every two decades, a record most industries would be proud of.

Transparency Matters: Why Asia Needs Stronger Cyber Duty to Inform Legislation

A Decade of Kindness

By Tobin Ryan, Head of Claims

16 June 2026

When we speak to our brokers, it quickly emerges that there is one common and fundamental truth: when challenges arise, brokers want the confidence that their clients will be supported with clarity, speed, professionalism and commerciality. Consequently, a great claims experience strengthens relationships, reduces uncertainty, and helps brokers protect their clients’ resilience.

PEOPLE FINDER