Ransomware attacks are set to escalate sharply, with the number of ransomware victims publicly named on leak sites expected to rise from 5,010 in 2024 to more than 7,000 by the end of 2026, according to the latest report from QBE. This increase represents a five-fold increase since 2020, when just 1,412 victims were shared on leak sites.
In addition, the UK experienced 49 significant cyber incidents over the past two years, making up 10% of the global total (447).
Compiled by Control Risks, QBE’s cyber report: Cloud cover: forecasting digital disruption in a cybercrime climate, explains how cybercriminals are exploiting AI and cloud vulnerabilities to access sensitive data and disrupt systems.
It also shows government and administrative systems were the most targeted sector globally between August 2023 and August 2025, accounting for 19% of all incidents. IT and telecommunications followed at 18%, while manufacturing, logistics and transport sectors together represented 13%.
Successful cyberattacks, namely ransomware attacks, can cause financial losses, reputational damage and litigation for the businesses targeted, as well as for their customer and third-party suppliers.
QBE is urging companies to strengthen protective measures to match the evolving threat landscape.
David Warr, Cyber Portfolio Manager for QBE says: “As British businesses expand their use of cloud infrastructure and AI tools, they are also reshaping their risk landscape. The challenge is not just preparing for the future but catching up with exposures that have evolved at speed. The supply chain threat causes concern for companies. While outsourcing certain parts of your business can create efficiencies and cost savings, there are security considerations to bear in mind. Each outsourced provider that connects into your company creates an additional layer of risk – not only in terms of potential malware transmission but also in terms of critical dependencies. Each third-party connection creates new risk, and a single point of failure can halt business operations altogether.”
The report shows how businesses' quick adoption of AI and cloud platforms increases digital vulnerabilities. While these technologies boost efficiency, they also enable cybercriminals to launch ransomware, phishing and fraud campaigns with greater speed and precision. In 2024, deepfakes were implicated in nearly 10% of successful cyberattacks, with losses ranging from $250,000 to over $20m.
By 2025, the volume of data stored worldwide is projected to reach 200 zettabytes (200 trillion gigabytes) across IT and utility infrastructures, data centres, personal and connected devices.
Half of this data will be stored in the cloud, up from only 10% in 2015. This concentration of valuable data makes cloud providers and storage services appealing to attackers.
Throughout 2024, high-severity cloud alerts increased by 235% compared with the previous year, reflecting both the surge in adoption and the increasing capability of attackers.
Cloud platforms are now a prime entry point. Business email compromise (BEC) attacks exploiting Microsoft 365 and other services bypass traditional security checks and are harder to detect. Supply chain vulnerabilities are also increasing: a breach at single sign-on provider Okta in 2023 exposed 134 business clients and wiped $2bn off its market value, underlining how one compromised supplier can put hundreds of companies at risk.
Generative artificial intelligence (GenAI) is reshaping the cyber threat environment as its usage is expected to surge in Europe and North America over the next five years.
Businesses use GenAI to gain productivity, but cybercriminals use the same technology for fraud and extortion. GenAI threats have manifested in automated phishing attacks, identity fraud and deepfake scams.
GenAI enables hackers to act with greater speed and precision, but it also lowers the technical barriers for entry-level cybercriminals, for instance assisting them in script development and malware coding. Businesses will likely face a rise in attacks from groups previously dismissed as too technically incompetent or resource-poor. This may result in operational downtime, financial loss or reputational damage.
Key findings from the QBE report include:
To combat the growing cyber threat, QBE recommends business adopt the following measures:
Cloud and AI tools are giving attackers more entry points and opportunities. Businesses need a robust strategy to anticipate and withstand cyber incidents, particularly those arising from third-party services and cloud environments. Building resilience means embedding cyber risk management into technology lifecycles from the outset:
1. Implementing strong identity and access management (IAM) protocols
2. Running regular configuration audits
3. Encrypting sensitive data across all cloud environments
Also, continuous monitoring, threat intelligence, and incident response plans help detect and contain threats before they escalate. In addition, businesses should evaluate the security posture of their third-party providers and establish clear protocols for managing supply chain exposure.
These practices will enable UK businesses to make the most of GenAI and cloud storage while protecting their operations, preserving continuity and maintaining trust.
The full report, compiled by Control Risks, is available on the QBE website.