Cybercrime tops 30% of Asia-Pacific offenses, driven by AI scams and phishing

Interpol is putting a number on a trend that is no longer “niche cyber.” In its latest Asia and South Pacific (ASP) Cyberthreat Assessment Report, the international police organization says cybercrime now accounts for more than 30% of all offenses across the region, with Wednesday’s release flagging a “dramatic increase” in recorded cybercrimes.

The report doesn’t stop at the headline statistic. It says online scams and phishing attacks dominate cybercrime in ASP, and that phishing has matured. Instead of the old spray-and-pray era of mass emails, Interpol describes campaigns that now resemble techniques used elsewhere globally, including more targeted spear phishing. Layer on AI, and the bar for executing believable fraud falls further, because even low-skilled attackers can use AI to add authenticity.

If you are a founder, operator, or investor with a global footprint, the uncomfortable part is what this does to cost. Phishing and scams are not just IT incidents. They are a customer trust problem, a revenue protection problem, and often a capital problem when the scam works. Interpol highlights how these threats are evolving into challenges that hit multiple jurisdictions instead of isolated incidents, which is exactly the kind of problem executives cannot patch with a single “security awareness” campaign.

Part of the reason the region’s cybercrime problem is so sticky, according to Interpol and related reporting it cites, is that organized scamming is scaling. The report points to scam call centers across Southeast Asia described by a United Nations report last year as an epidemic that is metastasizing across the region “like a cancer.” Interpol notes these scam compounds are found across countries including Cambodia, Laos, Myanmar, and the Philippines. It also says vulnerable individuals are trafficked into scam centers to work under poor conditions, and in extreme cases even as slaves.

There is also the money side of the ecosystem. Interpol cites Singaporean research estimating that the regional scam industry generates close to $40 billion each year. That figure matters for boards because it helps explain why enforcement struggles to outrun the profit motive. Criminal networks build facilities, recruit labor, and run repeatable workflows. When attackers can then add AI-generated content, the playbook becomes cheaper, faster, and harder to detect using traditional signals.

Interpol gives two concrete deepfake-linked examples that bring the risk into the C-suite’s world. In 2024, the same scam compounds were found using deepfake imagery to support romance scams. Then, in February 2024, an employee at a multinational business in Hong Kong was duped into authorizing a $25 million payment because company executives’ faces were convincingly deepfaked on a video call. A similar case is reported in Singapore in March 2025: a finance director at a different multinational transferred more than $499 million after a Zoom call where fraudsters assumed the identities of company chiefs, including the CEO and CFO.

Those numbers are not just eye-catching. They show how attacker capability is collapsing the gap between “video looks real” and “transaction is authorized,” especially when employees are under time pressure. For finance leaders, that means verification and controls need to survive impersonation attempts, not just phishing links. For security leaders, it means “content authenticity” is becoming as relevant as technical perimeter defenses.

The report also flags a structural enforcement problem. Interpol says as digitization grows across the region, law enforcement agencies are struggling to keep pace with the increase in cybercrime because many lack the skills and tools needed to investigate these crimes. The issue is especially pronounced in developing countries and small island states in the Pacific, which face “significant resource and capacity constraints,” making them more vulnerable to direct targeting by criminals who have a greater chance of evading consequences.

Interpol does credit progress. It lauds proactive approaches in parts of the ASP region, citing Hong Kong and the Republic of Korea for introducing new cybersecurity legislation. It also notes other jurisdictions that have established national task forces, codified national action plans, and launched awareness campaigns. But the report’s more global implication is that even when regulations and legislation mature, the overall rates of cybercrime can still rise. Interpol does not collect cybercrime figures for other regions the same way it does for ASP, but the source points to how data still shows persistent problems elsewhere.

For context, the UK’s Office for National Statistics (ONS) publishes crime rates by type across England and Wales each year. It reports that computer misuse offenses in 2025 decreased by 58% compared to 2017, yet there were still an estimated 735,000 cases across the year. Expanding beyond pure cyber offenses to cyber-supported crimes like banking and credit fraud, those offenses account for more than 2.7 million of the circa 9.6 million total crimes committed. In the US, the FBI’s annual IC3 report, which examines cybercrime rates, showed cybercrime reports topped one million for the first time in the latest report reflecting 2025 figures, while total losses hit a record $20.87 billion.

So the strategic stake for executives is bigger than “cyber risk.” Interpol’s ASP findings tie together digitization, scaled organized fraud, and AI-enabled deception, all under uneven enforcement capacity. For boards and leadership teams, the question is whether your organization’s controls, incident response, and fraud verification can keep up when attackers behave like industrial operators and impersonate your own leaders convincingly enough to trigger real transfers.