BY Richard Summerfield

According to a new report from S-RM and FGS Global on cyber incidents, ransomware remains the biggest threat to organisations, but the widespread implementation of artificial intelligence (AI) by businesses is creating new opportunities for cyber criminals.

The report, which draws on data from over 800 incidents recording over 2025, notes that the cyber threat landscape is changing, and companies must respond accordingly.

The adoption of AI agents and automated workflows is helping to create new categories of non-human identities that can inadvertently amplify the impact of a cyber attack. Furthermore, cyber criminals are employing AI to create personalised attacks, and to identify, exploit and damage secret corporate information.

The report also notes that the number of businesses paying ransoms has increased for the first time in two years, with industrials and manufacturing companies paying more often, likely due to the operational disruption caused by these attacks.

According to the report, 24 percent of ransomware victims ended up paying out in 2025, up from 14 percent in 2024. The US continues to be at most risk of cyber attacks, with 60 percent of incidents involving US-based organisations. Asia-Pacific also recorded an increase in attacks. Over 760 organisations across the Asia-Pacific region were named on ransomware leak sites, a 59 percent increase on the previous year. The UK saw a 5 percent increase in cyber victims from 2024 to 2025.

In 2025, organisations encountered 67 different threat actors, an increase of 16 percent from the previous year. The average ransom paid was $296,000, with $1.9m the highest recorded payment cited in the report.

“We are moving into uncharted territory where the speed and sophistication of cyber attacks are out maneuvering traditional defenses,” said Jamie Smith, global managing director, cyber security at S-RM. “What once took weeks now takes days, and what took days, now takes hours. Attackers are no longer just encrypting systems; they are using AI to find the most sensitive information that could cause maximum damage to an organization and using this as leverage. The result is more targeted extortion that goes beyond generic threats of data publication. Threats are becoming specific and more personalized, designed to maximize the victim’s fear and willingness to pay.

“As more companies embed AI agents in their workflows, the risk rises exponentially,” he continued. “AI agents should be treated as untrusted identities, with least-privilege access to systems, continuous monitoring and explicit segmentation from sensitive systems or AI adoption risks creating privileged, opaque intermediaries that threat actors can manipulate for maximum harm.”

“Ransomware incidents are highly feared by Boards and leadership teams, and for good reason,” said Jenny Davey, global co-head of the crisis & issues management practice at FGS Global. “As recent high-profile attacks have shown, they can have crippling consequences on a business’s operations, financial situation and reputation – and the knock-on effects can be significant and far-reaching.

“As Boards consider the implementation of AI agents and automated workflows across their business, they must be mindful that it can be a double-edged sword: while AI can drive efficiency and performance across the business, it can also open up new attack vectors for cybercriminals to exploit and therefore present new reputational risks.

“Boards must also remain mindful of how AI is enabling cybercriminals to be more sophisticated in communications and engagement with victim organizations, and how it is driving and sharpening threats that are cyber-adjacent, such as deepfakes, synthetic media and misinformation campaigns. These can be particularly reputationally damaging if not handled swiftly and with care,” she added.

Report: Cyber Incident Insights Report 2026

BY Richard Summerfield

An increasing number of attacks on critical infrastructure, a surge in phishing and record-breaking vulnerability disclosures are among the challenges facing companies operating today, according to a new report from critical infrastructure cyber security firm OPSWAT.

The report, OPSWAT’s inaugural Threat Landscape Report, reveals key findings from over 890,000 sandbox scans conducted over the past 12 months.

Among the key highlights within the report is the global cost of cyber crime, which is projected to reach $1.2 trillion in 2025, with downtime and lost productivity representing up to $1 trillion of that total. The report also highlighted a 127 percent rise in malware complexity and warns that traditional detection methods are falling behind, with one in 14 files initially deemed ‘safe’ by legacy systems later confirmed to be malicious. According to OPSWAT, the results underscore the need for multilayered defences and a shift away from outdated tools.

Attacks on operational technology (OT) and critical infrastructure have continued their upward trajectory in 2025. Sectors such as manufacturing, energy and utilities remain at the forefront of threat actor targeting, with financial and espionage motivations both in play. Ransomware remains one of the most prominent threats, featuring in 44 percent of all breaches across sectors and accounting for 75 percent of breaches within the system intrusion pattern. Vulnerability exploitation has also risen sharply as an initial access vector, with attackers particularly focusing on edge devices, firewalls and VPN services.

The report also made note of the surge in malware sophistication which is being driven by multi-stage execution chains and heavy obfuscation, with 7.3 percent of files missed by public OSINT feeds flagged as malicious by Filescan.io, on average 24 hours earlier. These were confirmed executions, not speculative flags, highlighting how adaptive analysis can close dangerous gaps left by static and reputation-based systems.

According to the report, malicious actors are increasingly favouring stealth over scale, concealing payloads in formats such as .NET bitmaps and steganographic images and repurposing Google services for covert command-and-control activity. Social engineering tactics are also evolving, with methods such as ‘ClickFix’ – a clipboard hijacking technique – becoming more widespread, with such attacks enjoying a bump in popularity among both criminal and nation-state actors.

Heightened regulatory scrutiny is also having an impact as it intensifies, particularly in the EU through the Network and Information Systems Security Directive 2, or NIS2, and the Cyber Resilience Act, and in North America, which is driving mandatory reporting and resilience requirements for critical infrastructure. As a result, the cyber security market itself is projected to grow at a 12.6 percent compound annual growth rate, reaching $301.9bn in 2025.

According to OPSWAT: “As critical infrastructure, government systems, and enterprise networks face growing targeting from increasingly modular and evasive malware, the findings of this report spotlight the evolving adversary playbook and the need for integrated, multilayered solutions. Cybersecurity leaders must now prioritize adaptability, shared intelligence, reassessing technology, and fast behavioral detection pipelines to protect systems from known threats, but also to keep pace with a rapidly evolving threat landscape and whatever is on the horizon.”

Report: 2025 OPSWAT Threat Landscape Report

BY Richard Summerfield

Cyber insurance should form the backbone of a cyber security strategy, according to a new report from At-Bay.

According to the report, which surveyed security decision makers in the US, Canada and Europe, Middle East, and Africa (EMEA), cyber insurance is now seen as a best practice by many businesses, with 72 percent of respondents considering it ‘critical’ or ‘important’ to their organisation.

Furthermore, 43 percent of respondents noted that cyber insurance requirements are a significant driver of their cyber security spending. This figure rises to 52 percent among the largest organisations.

“We believe an important finding from this report is that there’s a large number of organizations that should consider partnering with a cyber insurance provider to help drive cybersecurity maturity,” said Andrew Braunber, an analyst at Omdia. “There can be upside for enterprises in aligning proactive cybersecurity spending with cyber insurance requirements, with an even more powerful emerging option to partner with an InsurSec provider to optimize risk reduction and technology performance. These relatively new entities combine cybersecurity products and services with insurance offerings to offer a wider scope of prevention and protection.”

There has been significant growth in the number of businesses of all sizes when it comes to prioritising proactive security solutions that help identify and mitigate potential threats. Over the last 12 months, more than 70 percent of respondents increased their spending on proactive security solutions.

Yet, despite the increase in the use of cyber insurance and its burgeoning impact on security decisions, only 13 percent of respondents said they were working ‘proactively’ with their cyber insurance provider to reduce cyber risk. By contrast, 33 percent of respondents said they were taking preventive measures with support from their cyber insurer.

Worryingly, proactive collaboration is even lower in critical infrastructure sectors, where cyber risks could have broader societal impacts. For example, only 4 percent of manufacturing companies, 7 percent of energy, utility and transportation companies, and 8 percent of healthcare companies reported proactive engagement with their cyber insurance providers.

“Cyber insurance has emerged as a critical pillar to building a proactive cybersecurity strategy as it enables companies to complete their risk mitigation,” said Thom Dekens, chief business officer at At-Bay and general manager of At-Bay Security. “Additionally, insurance providers with significant in-house cybersecurity expertise can provide huge business value to their customers, closely partnering with them to make informed decisions about their technology strategies and also improve their risk outcomes throughout the policy year.”

Report: InsurSec Can Drive An Effective Proactive Security Strategy

BY Richard Summerfield

Cloud services, infrastructure and applications are the primary subjects of cyber attacks, according to the 2024 Thales Cloud Security Study.

The report, which surveyed nearly 3000 IT and security professionals across 18 countries in 37 industries, found that cloud security spending now tops all other security spending categories. This is particularly concerning given that 47 percent of all corporate data stored in the cloud is sensitive. Of those companies surveyed, 44 percent have experienced a cloud data breach - 14 percent in the past year.

According to the report, nearly half of organisations believe it is more difficult to manage compliance and privacy in the cloud compared to on-premises. Thirty-one percent recognise the importance of digital sovereignty initiatives as a means of futureproofing their cloud environments.

“The scalability and flexibility that the cloud offers is highly compelling for organizations, so it’s no surprise it is central to their security strategies,” said Sebastien Cano, a senior vice president at Thales. “However, as the cloud attack surface expands, organizations must get a firm grasp on the data they have stored in the cloud, the keys they’re using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it being used. It is vital to solve these challenges now, especially as data sovereignty and privacy have emerged as top concerns in this year’s research.”

The report also noted that among the targeted cloud resources, 31 percent are software as a service (SaaS) applications, 30 percent are cloud storage and 26 percent are cloud management infrastructure.

Human error and misconfigurations occurred in 31 percent of breaches, making this the top root cause. That figure was significantly lower compared to last year’s report, where 55 percent of cloud incidents were caused by human error. Exploitation of known vulnerabilities was the next highest root cause of cloud breaches, accounting for 28 percent, up seven percent compared to Thales’ 2023 report. Exploitation of previously unknown vulnerabilities and zero days accounted for 24 percent of breaches. Failure to use multi-factor authentication (MFA) was another significant cause of cloud breaches, identified in 17 percent of cases.

External attackers, including cyber criminals, hacktivists and nation-state actors, as well as malicious insiders, are also the driving force behind many cloud security breaches.

Sixty-five percent of respondents identified cloud security as a current concern, and cloud security was the top category of security spending, reported by 33 percent of all respondents.

Report: Thales 2024 Cloud Security Study