![]() |
| Heightened ransomware risk calls for an executive-led, cross-functional response plan |
This extends beyond investment in cybersecurity and protection technologies to the building of clear strategies and coordinated cross‑functional crisis response plans. Companies can also unlock significant value from cyber insurance to strengthen their incident response preparedness.
According to Risk Based Security analysis by Aon, a leading global professional services firm, by Q4/2025, the frequency of ransomware attacks had increased 650 per cent compared with 2019. This reflects both the widespread nature of ransomware risk and its clear shift from a latent danger to an active and present threat.
Across Asia, around 660 organisations have been named on ransomware leak sites, highlighting an increasingly organised trend of attacks that are clearly focused on financial gain. In Vietnam alone, 10 ransomware attacks targeting large organisations have been officially recorded in the past two years, alongside many other cyberattacks that may not have been publicly recorded.
Even companies that have invested significantly in system security and cybersecurity cannot fully avoid cyberattacks arising from employee errors or vulnerabilities from one of the many third-party technology platform providers with whom they need to work. As a result, having a well-defined incident response plan is critical.
Gaps in coordination, information‑sharing and decision‑making between functions such as IT, finance, legal and executive management can emerge even under normal operating conditions. Without clear processes and defined responsibilities, organisations risk delayed or inconsistent responses, leading to increased losses, prolonged business interruption and reputational damage.
The Ransomware Tabletop Exercise for Executives organised by Aon on May 26 (Ho Chi Minh City) and May 28 (Hanoi) reinforced several priorities for organisations. In this exercise, business leaders were placed in a simulated ransomware attack scenario and asked to directly discuss and propose response options in the roles of CEO, CISO, CFO, CRO or Legal Counsel. From this, several key insights emerged for companies to consider.
First, responding to a cyber incident, especially a ransomware attack, is not solely the responsibility of the IT function. While IT provides critical inputs on technical response strategies and information about the scope of impact, expected downtime and recovery costs that guide the organisation’s overall response, critical decisions require broader leadership involvement.
Decisions such as whether to pay a ransom, how and which parties must be notified to comply with legal and contractual obligations, the appropriate communication strategy, and which external experts to engage require insights and advice from other functions within the leadership team.
The role of senior leadership is decisive, as they must balance operational continuity, financial pressure and reputational considerations. At the same time, all relevant functions must understand their roles and be prepared should an incident occur.
Second, cyber insurance is not just a solution for recovering financial losses; it also enables access to specialist resources during an incident, including forensic investigations, legal advisory, communications support and system recovery services. These resources can be critical in helping companies make informed decisions, contain the impact and accelerate recovery time. When incorporating cyber insurance into risk management, companies should proactively understand what resources are available and integrate these into their incident response plans.
The cyber insurance market has now entered a more mature phase, with many new insurers joining, expanded capacity, and competitive terms that are generally favourable for buyers.
Third, incident response plans must be updated and tested regularly, as the cyber risk landscape continues to evolve. Emerging threats arise not only from vulnerabilities in rapidly advancing technologies, but also from the widespread adoption of AI and the rise of state‑linked or geopolitical cyberattacks targeting critical national infrastructure and facilities. In addition, new regulations on data protection, personal data, cybersecurity and AI require close attention from companies.
Preventing, responding to and recovering from cyber incidents requires increasing investment from companies. Organisations that build robust and sustainable cyber resilience will be better positioned to minimise disruption and loss, strengthen competitiveness, and enhance their reputation and brand to drive long-term growth.
![]() |
| Aon’s Ransomware Tabletop Exercise placed executives in a simulated ransomware scenario to enhance preparedness and response planning |
Aon opened its first office in Vietnam in 1993. With over 150 professionals in its Hanoi and Ho Chi Minh City offices, Aon Vietnam is a leading and long‑established provider of insurance and reinsurance brokerage, corporate risk and employee benefits consulting in Vietnam, leveraging Aon Group’s global reach, specialist expertise and analytics‑enabled operating model. As one of the world’s leading insurance brokers, Aon's 60,000 colleagues partner with clients in more than 120 countries and sovereignties to shape decisions for the better.
| FPT and Aon join forces with enterprises to build strong digital shield In today's digital age, cyberattacks are becoming an increasingly serious threat to businesses and organisations worldwide. |
| Aon names Winnie Loh as SE Asia real estate, data centre leader Aon, the global professional services firm, appointed Winnie Loh to lead its real estate and data centre practice for Southeast Asia, targeting increased demand for risk management in these sectors. |
| Digital boom raises stakes for data protection as cyber risks grow Data breaches are becoming increasingly common for businesses in Vietnam, where accelerating digitalisation has often outpaced the ability to safeguard sensitive information. |
What the stars mean:
★ Poor ★ ★ Promising ★★★ Good ★★★★ Very good ★★★★★ Exceptional