Fundamental changes to how cyber risk is managed are needed if organisations are to address the rapid increase in the speed of cyber attacks. Figures from the Q1 cyber threat report by QBE highlight a shift from what was once a slow moving incident to an increasingly rapid escalation event.

In the first quarter of 2026, QBE reports that the pace at which cyber attacks progress sharply increase. Since 2021, the average time between an attacker gaining initial access and deploying ransomware has fallen by around 70%, from about 100 minutes to approximately 30 minutes in recent cases. In some incidents, attackers were able to encrypt thousands of endpoints across an organisation in less than ten minutes.

This acceleration leaves organisations with little time to detect, investigate and respond before systems are disrupted and data is compromised. Dominic Keller, global head of cyber services at QBE Insurance, said: “The most striking shift we’re seeing is how quickly cyber incidents now escalate. In many cases, the window between an attacker gaining access and significant disruption is measured in minutes rather than days, which fundamentally changes how organisations need to think about cyber risk.”

The QBE report also indicates there is a widening of cyber activity beyond its historical concentration in the United States. Ransomware and other cyber attacks are now more evenly distributed across regions, with Australia ranking among the top ten most targeted countries globally. New and emerging cyber criminal groups are also increasingly focusing on Asia Pacific markets, where they perceive opportunity and less saturation from established threat actors.
QBE’s report also highlights the increased use of multi channel attack techniques, where cyber criminals combine email phishing with phone calls and text messages to convince staff to reveal credentials or approve access.

Around 11% of ransomware incidents now include a voice component, reflecting a shift away from purely technical exploits and toward attacks designed to exploit trust, urgency and human behaviour. In some cases, these attacks are being enhanced by AI generated impersonation.
Keller added: “Cyber crime is no longer concentrated in one market or region. Australia and the Asia Pacific region are increasingly in scope, and attackers are combining technical methods with human led tactics to increase the scale and impact of incidents.

“Now more than ever, cyber risk has become a resilience challenge. Preparation, visibility and the ability to recover quickly are now just as important as prevention.”

---