QBE: Ransomware to Surge 40% as Attackers Weaponise AI

David Warr, Cyber Portfolio Manager for QBE. Credit: QBE
Report from insurance firm QBE warns 7,000 businesses will be publicly named on leak sites by 2026 as cloud vulnerabilities multiply

Ransomware operators will publicly name more than 7,000 victims by the end of 2026, marking a 40% increase from 5,010 disclosed attacks in 2024, according to research from QBE. The projection represents a five-fold escalation since 2020, when criminals listed 1,412 victims on leak sites.

The analysis, compiled by Control Risks for the insurer, examines how cybercriminals are exploiting cloud infrastructure and AI to penetrate systems and extract data. Between August 2023 and August 2025, organisations in the UK suffered 49 incidents, comprising 10% of the 447 attacks recorded globally during this period.

QBE has released its latest report on ransomware attacks. Credit: QBE

Government and administrative systems bore the brunt of criminal activity, accounting for 19% of incidents worldwide. IT and telecommunications sectors experienced 18% of attacks, while manufacturing, logistics and transport together represented 13% of targets.

QBE clients face rapid evolution in cyber threats

David Warr, Cyber Portfolio Manager for QBE, says British organisations are struggling to keep pace with the risks created by their own technology adoption. “As British businesses expand their use of cloud infrastructure and AI tools, they are also reshaping their risk landscape. The challenge is not just preparing for the future but catching up with exposures that have evolved at speed.”

The rate of ransomware incidents nearly tripled year-on-year, jumping from 572 in Q1 2024 to 1,537 in Q1 2025. Publicly disclosed extortion cases climbed 54% when comparing January to April 2025 with the same months in 2024. Financial damage from individual attacks spans a wide range, with deepfakes playing a role in nearly 10% of breaches during 2024 and generating losses between $250,000 and $20m per incident.

David points to dependencies on external providers as a source of vulnerability. “The supply chain threat causes concern for companies,” he says. “While outsourcing certain parts of your business can create efficiencies and cost savings, there are security considerations to bear in mind. Each outsourced provider that connects into your company creates an additional layer of risk – not only in terms of potential malware transmission but also in terms of critical dependencies. Each third-party connection creates new risk, and a single point of failure can halt business operations altogether.”

Cloud storage reaches 100 zettabytes as Microsoft 365 attacks bypass security

Data stored worldwide will reportedly hit 200 zettabytes in 2025, with half residing in cloud infrastructure. This compares with 43% in cloud storage in 2024, 15% in 2020 and just 10% in 2015. The migration of data to cloud platforms has accelerated attacks, with high-severity alerts surging 235% in 2024 compared with the previous year.

Key facts
  • Ransomware incidents rose from 572 in Q1 2024 to 1,537 in Q1 2025, marking a near-tripling of attacks in 12 months.
  • High-severity cloud alerts increased by 235% in 2024 compared with 2023 as criminals exploit Microsoft 365 and other platforms.
  • ChatGPT reached 755m users in early 2025 while 78% of organisations now deploy AI in at least one business function.

Business email compromise attacks that exploit Microsoft 365 and similar services circumvent traditional security measures and evade detection more easily than conventional threats. Nearly half of all corporate data stored in cloud environments carries a sensitive classification, making these platforms attractive to ransomware operators seeking valuable information.

Third-party breaches demonstrate the cascading impact of supply chain vulnerabilities. When attackers compromised single sign-on provider Okta in 2023, they exposed 134 business clients and erased $2bn from the company's market value. The breach illustrated how a single compromised vendor can jeopardise hundreds of connected organisations.

The CrowdStrike outage in 2024 affected 8.5m Windows devices and generated an estimated US$5.4bn in costs for Fortune 500 companies. The incident exposed the extent to which businesses depend on third-party services for operations.

Criminals exploit ChatGPT and Microsoft Copilot for automated attacks

AI adoption is accelerating across Europe and North America, with ChatGPT amassing 755m users by early 2025 following a 33% increase between December 2024 and February 2025. Microsoft Copilot attracted 88m active users in 2025. Among businesses, 78% now deploy AI in at least one function, up from 55% in 2024. Between 20% and 40% of employees actively use AI tools in their roles, with programming functions showing particularly high adoption rates.

Cyber criminals are harnessing large language models like ChatGPT for extortion and fraud

While businesses deploy Gen AI to boost productivity, criminals harness the same technology for extortion and fraud. The technology enables automated phishing campaigns, identity fraud and deepfake scams. Gen AI allows experienced hackers to operate with greater speed and precision, but it also removes technical barriers for less skilled cybercriminals by assisting with script development and malware coding.

This democratisation of hacking tools means organisations now face threats from groups previously considered too inexperienced or under-resourced to mount effective attacks. The shift threatens to generate operational downtime, financial losses and reputational damage across sectors.

QBE urges businesses to embed security in technology lifecycles

The insurer recommends organisations map and assess risk profiles to identify critical assets, threats and vulnerabilities. Companies should define acceptable risk levels to allow leadership to establish clear boundaries for exposure. Prioritising mitigation strategies enables businesses to direct resources toward areas where they will have the most impact.

Organisations need to develop tested contingency plans and recovery protocols for scenarios. Regular stress testing of crisis management helps evaluate decision making, communication and response capabilities. Incorporating third-party expertise into security strategies assists with managing residual and emerging risks, while continuous monitoring and adaptation of defences keeps pace with evolving threats and changing business requirements.

David says resilience requires embedding cyber risk management into technology lifecycles from the start, including implementing identity and access management protocols, conducting regular configuration audits, and encrypting sensitive data across all cloud environments. Businesses should evaluate the security posture of third-party providers and establish protocols for managing supply chain exposure.

“Cloud and AI tools are giving attackers more entry points and opportunities. Businesses need a robust strategy to anticipate and withstand cyber incidents, particularly those arising from third-party services and cloud environments,” David says.
