Skip to main content
QBE European Operations

Ransomware attacks to rise by 40% by 2026, QBE warns

Ransomware attacks are set to escalate sharply, with the number of ransomware victims publicly named on leak sites expected to rise from 5,010 in 2024 to more than 7,000 by the end of 2026, according to the latest report from QBE. This increase represents a five-fold increase since 2020, when just 1,412 victims were shared on leak sites.  

In addition, the UK experienced 49 significant cyber incidents over the past two years, making up 10% of the global total (447). 

Compiled by Control Risks, QBE’s cyber report: Cloud cover: forecasting digital disruption in a cybercrime climate, explains how cybercriminals are exploiting AI and cloud vulnerabilities to access sensitive data and disrupt systems. 

It also shows government and administrative systems were the most targeted sector globally between August 2023 and August 2025, accounting for 19% of all incidents. IT and telecommunications followed at 18%, while manufacturing, logistics and transport sectors together represented 13%. 

Successful cyberattacks, namely ransomware attacks, can cause financial losses, reputational damage and litigation for the businesses targeted, as well as for their customer and third-party suppliers. 

QBE is urging companies to strengthen protective measures to match the evolving threat landscape.

David Warr, Cyber Portfolio Manager for QBE says: “As British businesses expand their use of cloud infrastructure and AI tools, they are also reshaping their risk landscape. The challenge is not just preparing for the future but catching up with exposures that have evolved at speed. The supply chain threat causes concern for companies. While outsourcing certain parts of your business can create efficiencies and cost savings, there are security considerations to bear in mind. Each outsourced provider that connects into your company creates an additional layer of risk – not only in terms of potential malware transmission but also in terms of critical dependencies. Each third-party connection creates new risk, and a single point of failure can halt business operations altogether.”

The report shows how businesses' quick adoption of AI and cloud platforms increases digital vulnerabilities. While these technologies boost efficiency, they also enable cybercriminals to launch ransomware, phishing and fraud campaigns with greater speed and precision. In 2024, deepfakes were implicated in nearly 10% of successful cyberattacks, with losses ranging from $250,000 to over $20m.

By 2025, the volume of data stored worldwide is projected to reach 200 zettabytes (200 trillion gigabytes) across IT and utility infrastructures, data centres, personal and connected devices. 

Half of this data will be stored in the cloud, up from only 10% in 2015.  This concentration of valuable data makes cloud providers and storage services appealing to attackers.  

Throughout 2024, high-severity cloud alerts increased by 235% compared with the previous year, reflecting both the surge in adoption and the increasing capability of attackers.  

Cloud platforms are now a prime entry point. Business email compromise (BEC) attacks exploiting Microsoft 365 and other services bypass traditional security checks and are harder to detect. Supply chain vulnerabilities are also increasing: a breach at single sign-on provider Okta in 2023 exposed 134 business clients and wiped $2bn off its market value, underlining how one compromised supplier can put hundreds of companies at risk.

Generative artificial intelligence (GenAI) is reshaping the cyber threat environment as its usage is expected to surge in Europe and North America over the next five years.  

  • ChatGPT has 755m users (their number increased by 33% between December 2024 and February 2025)  
  • Microsoft Copilot has 88m active users in 2025  
  • 78% of organisations deploy AI in at least one business function in 2025, up from 55% in 2024 

Businesses use GenAI to gain productivity, but cybercriminals use the same technology for fraud and extortion. GenAI threats have manifested in automated phishing attacks, identity fraud and deepfake scams.

GenAI enables hackers to act with greater speed and precision, but it also lowers the technical barriers for entry-level cybercriminals, for instance assisting them in script development and malware coding. Businesses will likely face a rise in attacks from groups previously dismissed as too technically incompetent or resource-poor. This may result in operational downtime, financial loss or reputational damage.  

Key findings from the QBE report include:

  • Ransomware incidents almost tripled year-on-year – 1,537 in Q1 2025, up from 572 in Q1 2024
  • High-severity cloud alerts surged 235% in 2024 compared to 2023, reflecting rapid cloud adoption and attacker sophistication
  • Nearly half of corporate data stored in the cloud is classified as “sensitive”, making it a prime target for ransomware
  • Global data volume to reach 200 zettabytes by 2025, with half stored in the cloud (vs. 43% in 2024, 15% in 2020)
  • Deepfakes implicated in nearly 10% of successful cyberattacks in 2024, with fraud losses ranging from USD $250k to $20m per case
  • Ransomware extortion cases publicly disclosed increased by 54% in Jan–Apr 2025 compared with the same period in 2024
  • ChatGPT adoption soared to 755m users in early 2025, up 33% between Dec 2024 and Feb 2025; Microsoft Copilot reached 88m users
  • 78% of organisations now deploy AI in at least one business function in 2025, up from 55% in 2024
  • 20–40% of employees actively use AI in their daily roles (particularly programming)
  • CrowdStrike outage in 2024 impacted 8.5m Windows devices, costing Fortune 500 companies an estimated USD $5.4bn.

To combat the growing cyber threat, QBE recommends business adopt the following measures:

  1. Map and assess risk profiles to identify critical assets, threats, and vulnerabilities to gauge a clear overview of exposure to the business
  2. Define acceptable organisational risk so leadership can explicitly set boundaries for risk and exposure to data
  3. Prioritise mitigation strategies to direct resources towards the areas of greatest impact
  4. Plan for worst-case scenarios with tested contingency plans and recovery protocols
  5. Regularly stress test crisis management to evaluate decision making, communication and response
  6. Incorporate third-party expertise into your cyber security strategy to help manage residual and emerging risks.
  7. Continuously monitor and adapt cyber defences to stay ahead of evolving threats, new technology and changing business needs.

Cloud and AI tools are giving attackers more entry points and opportunities. Businesses need a robust strategy to anticipate and withstand cyber incidents, particularly those arising from third-party services and cloud environments. Building resilience means embedding cyber risk management into technology lifecycles from the outset: 

1.      Implementing strong identity and access management (IAM) protocols 

2.      Running regular configuration audits 

3.      Encrypting sensitive data across all cloud environments 

Also, continuous monitoring, threat intelligence, and incident response plans help detect and contain threats before they escalate. In addition, businesses should evaluate the security posture of their third-party providers and establish clear protocols for managing supply chain exposure.  

These practices will enable UK businesses to make the most of GenAI and cloud storage while protecting their operations, preserving continuity and maintaining trust. 

The full report, compiled by Control Risks, is available on the QBE website.