QBE insights highlight how cyber risk is evolving for organisations in 2026

QBE’s cyber threat intelligence for the first quarter of 2026 highlights continued change in the nature of cyber risk, with shifts emerging in how quickly attacks unfold, where they are occurring and how cyber criminals are operating.

Drawing on global experience and intelligence, QBE is seeing cyber incidents occur more rapidly than in previous years, alongside an increasing focus on Australia and the Asia‑Pacific region. These patterns indicate Australian organisations are no longer peripheral targets, but firmly within scope for financially motivated cyber crime, as attackers increasingly combine technical and human‑led tactics to cause disruption.

Cyber attacks now escalate in minutes

What was once a slow‑moving incident has become a rapid escalation event, fundamentally changing how cyber risk needs to be managed.

In the first quarter of 2026, QBE is seeing this shift most clearly in the pace at which cyber attacks progress. Since 2021, the average time between an attacker gaining initial access and deploying ransomware has fallen by around 70 per cent—from about 100 minutes to approximately 30 minutes in recent cases. In some incidents, attackers were able to encrypt thousands of endpoints across an organisation in less than ten minutes.

This acceleration leaves organisations with little time to detect, investigate and respond before systems are disrupted and data is compromised. 

Australia and Asia‑Pacific increasingly within scope

Global intelligence indicates there is a widening of cyber activity beyond its historical concentration in the United States.

Ransomware and other cyber attacks are now more evenly distributed across regions, with Australia ranking among the top ten most targeted countries globally. New and emerging cyber criminal groups are also increasingly focusing on Asia‑Pacific markets, where they perceive opportunity and less saturation from established threat actors.

These changing attack patterns place Australian organisations more directly within the scope of financially motivated cyber crime.

Data theft volumes are rising sharply

Alongside faster attacks, QBE is seeing a significant increase in the volume of data being stolen during cyber incidents.

In recent cases, attackers have targeted and exfiltrated significant amounts of highly   sensitive information before deploying ransomware. In one New Zealand incident, approximately 1.5 terabytes of data was taken - likely close to the organisation’s entire data environment.

Larger data thefts intensify the downstream impacts of cyber incidents, driving higher forensic and recovery costs, increasing regulatory exposure and prolonging reputational damage - even where systems are eventually restored.

Attacks are becoming more human‑centric and multi‑channel

QBE also observed the increased use of multi‑channel attack techniques, where cyber criminals combine email phishing with phone calls and text messages to convince staff to reveal credentials or approve access.

Around 11 per cent of ransomware incidents now include a voice component, reflecting a shift away from purely technical exploits and toward attacks designed to exploit trust, urgency and human behaviour. In some cases, these attacks are being enhanced by AI‑generated impersonation. This evolution underscores that cyber risk is increasingly shaped by identity and behaviour rather than technology alone.

 

QBE’s experience shows that cyber resilience increasingly depends on how effectively organisations manage and reduce risk, and how well they are prepared to handle rapid escalation, data exposure and recovery, rather than on any single control. As attack patterns continue to evolve, visibility of emerging trends and practical preparation are becoming critical to reducing impact.

Through its global cyber offering, QBE supports clients and brokers with access to cover inclusive of specialist threat intelligence, preparedness support and coordinated response capabilities, helping organisations strengthen resilience as cyber risks continue to evolve. 

Find out more about QBE's cyber offering: www.qbe.com/cyber

Quotes attributable to Dominic Keller, Global Head of Cyber Services, QBE Insurance

“The most striking shift we’re seeing is how quickly cyber incidents now escalate. In many cases, the window between an attacker gaining access and significant disruption is measured in minutes rather than days, which fundamentally changes how organisations need to think about cyber risk."

“Cyber crime is no longer concentrated in one market or region. Australia and the Asia‑Pacific region are increasingly in scope, and attackers are combining technical methods with human‑led tactics to increase the scale and impact of incidents.”

“Now more than ever, cyber risk has become a resilience challenge. Preparation, visibility and the ability to recover quickly are now just as important as prevention.”

“Effective cyber insurance is not just about what happens after an incident. By helping organisations better understand risk, test decision‑making and prepare leadership teams, insurers can play a meaningful role in reducing disruption and strengthening resilience.”