The Cyber Security Mirage

Parent Page Home
Parent Page News
Parent Page Spotlight on Tech Transformation & Cyber Risk 2025
The Cyber Security Mirage

Over the past year, multiple incidents have underscored the evolving cyber threat landscape. In particular, cyber attacks involving third party suppliers have highlighted the heightened risks associated with system interconnectivity.

Ongoing geopolitical tensions have also sharpened executives’ focus on the increased cyber security threats from state backed threat actors and hacktivists. And AI-enhanced ransomware attacks are more efficient and effective.

Cyber risk concern
Cyber preparedness or cyber security mirage
Vulnerable connections
A false sense of security
The intersection of politics and cyber security
Ransomware evolution
Cyber incidents by primary cause of loss
The value of data
Cyber incidents by industry

Cyber risk concern

Our research shows that cyber risk tops the boardroom risk agenda, with concern around cyber risk rising again and predicted to continue to rise over this year, after falling consistently since 2021, which was the height of the ransomware pandemic. Yet despite increased concern, firms feel significantly more resilient to cyber threats.

Cyber preparedness or cyber security mirage

"AI is being exploited to automate, enhance and scale up cyber attacks, lowering the barriers to entry. Firms appear to have a false sense of security about cyber resilience, which requires constant vigilance, rapid vulnerability patching, and active business continuity planning."

Alessandro Lezzi, Group Head of Cyber

Vulnerable connections

Third party supplier cyber risk is escalating as organisations increasingly rely on software services and cloud providers to streamline operations and boost efficiency. As global supply chains become more interconnected and prevalent, spanning geographies and sectors, their exposure to cyber threats increases. Cyber criminals are exploiting this evolving tech infrastructure to infiltrate supply chains and access valuable data, often targeting businesses indirectly through their supply chain connections.

Third party cyber risk now extends beyond malicious attacks. The CrowdStrike outage last year[3], caused by a software update error, led to widespread system disruptions across various sectors - from airlines to retailers and small businesses. The extensive media coverage of this incident highlighted the far reaching impact that systemic third party incidents can have.
The rise in third party vulnerabilities is also reflected in our survey findings with 79% of global executives agreeing that their business is planning to improve its cyber security with third party suppliers following high profile systemic cyber incidents last year.

Operational disruption due to targeted cyber attacks on critical vendors also came to prominence last year with the CDK[4] and Change Healthcare attacks[5]. These types of attacks are designed to pressure software service providers into paying substantial ransoms by creating widespread disruption across their customer base. Many of which are often heavily reliant on the services provided, amplifying the ripple effect and increasing the urgency to resolve the breach.

"The global geopolitical situation and its economic impact may destabilise supply chains creating significant challenges for firms and opportunities for cyber criminals to exploit."

Lucien Mounier
Head of Europe - Cyber Risks

A false sense of security

As organisations increasingly rely on software and cloud services, third-part cyber risk is rising. Interconnected global supply chains are more exposed to cyber threats, with criminals exploiting these networks to access valuable data, often by targeting suppliers rather than businesses directly. To protect themselves organisations must continuously assess their supply chain vulnerabilities.

Organisations impacted by a vendor breach can face additional problems due to the lack of support from the vendor, resulting in legal and financial challenges from the vendor to their clients. Vendors are tending to deflect responsibility for breaches, blaming the affected companies for not having sufficient security measures in place. Many vendor contracts limit their financial liability to their clients.

“Vendors are tending to take a more aggressive approach to liability, which is complicating the resolution of breaches and increasing the financial and legal burden on impacted companies.”

Sandra Cole
Cyber Claims Product Specialist

The intersection of politics and cyber security

The current geopolitical climate has emboldened nation state actors, who are using cyber attacks as a form of hybrid warfare to influence negotiations and exert political pressure. The Russia-Ukraine conflict exemplifies this, with European businesses, particularly government agencies, defence contractors and other critical industries being particularly vulnerable to attacks from pro-Russian hacker groups seeking to disrupt their operations. This situation poses a growing threat to organisations caught in the crossfire of politically-motivated attacks.

For example, NoName057(16) has been targeting various sectors in Italy, including government websites, financial institutions and the Ministry of Foreign Affairs, following critical remarks made by the Italian President, Sergio Mattarella, about Russia's actions in Ukraine[6]. The group’s Distributed Denial-of-Service (DDoS) campaign aimed to cause disruption and sway Italy's support for Ukraine.
“Russia-backed hackers are targeting European businesses with cyber attacks and sabotage activities trying to influence negotiations and create instability. International firms should examine their supply chains for potential cyber-related disruptions.”

Alex Creswell OBE
Strategic Adviser

Political polarisation is also leading to a rise in hacktivist attacks, where businesses are targeted by hackers promoting political agendas and seeking to infiltrate networks for reconnaissance and to cause disruption and spark media attention. Unlike traditional cyber attacks that focus on data theft and ransom extortion, hacktivists are not driven by financial gain and will linger in systems for an extended period. The Israel-Gaza conflict has been particularly polarising in the US, with activist groups targeting corporations based on perceived political stances or affiliations.

Ransomware evolution

Ransomware continues to be a major threat. Cyber criminals’ motivation is purely financial, and they look to extort data rich environments such as retailers, healthcare providers and other organisations with valuable sensitive information and personal data. To maximise their impact, they often seek mass extortion targeting both the target vendor and their clients.

The proliferation of Edge devices and the Internet of Things (IoT) are expanding the attack opportunities for cyber criminals[7], giving them new avenues to exploit weaknesses in personal passwords and other security vulnerabilities. By comprising a growing range of personal applications and devices, cyber criminals exfiltrate credentials which can act as a backdoor into corporate systems. They typically rely on known methods to infiltrate systems, such as bypassing multi-factor authentication (MFA) and endpoint detection and response systems (EDR).

“Attackers are exploiting zero-day vulnerabilities or new flaws in internet-facing systems within hours of them being disclosed. We’re also seeing a rise in information-stealing malware targeting personal devices usually to steal browser-synced credentials - where users often store corporate passwords. Once compromised, stolen credentials can be used to attack corporate systems and data.”

Francisco Donoso
Chief Product and Technology Officer at Beazley Security

Cyber incidents by primary cause of loss in 2024

The rise of generative AI is enabling cyber criminals to enhance phishing attacks and deepfake fraud techniques, and to automate and enhance their cyber attack capabilities. AI is increasingly being used in all stages of the cyber kill chain[8], making it easier to bypass traditional security measures and cheaper to mount attacks on networks. It is predicted that 17% of cyber attacks will involve generative AI by 2027[9].

The value of data

Today data security management is paramount. Firms need to understand the value of their data and the volumes of the data they store. As the aggregation costs of mishandling sensitive, personal data – from legal fees to forensics to data restoration costs, credit monitoring as well as the cost of compensating clients in class actions - gets very expensive, fast. Making data classification, minimisation and segmentation vital. Data protection measures can cause operational delays, and firms will need to decide between speed or security.

“Firms can’t be too cautious when it comes to who they can trust to safeguard credential data. If they don’t protect it effectively. It’s like leaving your front door keys scattered around the place, and criminals who find them will open the door and walk right in.”

Marcello Antonucci
Claims Leader - Cyber & Tech Claims
Sectors in the eye of the storm

Small businesses typically lack the financial firepower to invest in robust cyber security measures, and the same can be said of the public sector. Healthcare providers are a top target for cyber criminals, attracted by the opportunity to extort ransom payments after compromising sensitive patient data. In many cases, hospitals rely on outdated, legacy technologies which offer multiple entry points for online criminals.

“Small businesses are especially vulnerable to cyber attacks, as they often lack the internal resources and dedicated expertise that larger companies rely on to manage cyber risk. Without the safety net of cyber insurance, a single attack can result in bankruptcy.”

Patricia Kocsondy
Head of Global Cyber Digital Risks

Cyber incidents by industry

In the US, there has been an uptick in litigation and privacy class actions against healthcare providers[10]. With The Health Insurance Portability and Accountability Act imposing strict breach notification requirements[11], the cyber security strategies of healthcare providers are in the limelight like never before.

“Profit-motivated executives in the private sector have a clear incentive to mitigate cyber risk. Whereas the public sector tends to have fewer resources to allocate to cyber resilience, making keeping ahead of cyber threats more challenging.”

Jimaan Sane
London Wholesale and Europe Growth Leader

Cyber risk concern

Cyber preparedness or cyber security mirage

Vulnerable connections

Vulnerable connections

Third party supplier cyber risk is escalating as organisations increasingly rely on software services and cloud providers to streamline operations and boost efficiency. As global supply chains become more interconnected and prevalent, spanning geographies and sectors, their exposure to cyber threats increases. Cyber criminals are exploiting this evolving tech infrastructure to infiltrate supply chains and access valuable data, often targeting businesses indirectly through their supply chain connections.

Third party cyber risk now extends beyond malicious attacks. The CrowdStrike outage last year[3], caused by a software update error, led to widespread system disruptions across various sectors - from airlines to retailers and small businesses. The extensive media coverage of this incident highlighted the far reaching impact that systemic third party incidents can have.
The rise in third party vulnerabilities is also reflected in our survey findings with 79% of global executives agreeing that their business is planning to improve its cyber security with third party suppliers following high profile systemic cyber incidents last year.

Operational disruption due to targeted cyber attacks on critical vendors also came to prominence last year with the CDK[4] and Change Healthcare attacks[5]. These types of attacks are designed to pressure software service providers into paying substantial ransoms by creating widespread disruption across their customer base. Many of which are often heavily reliant on the services provided, amplifying the ripple effect and increasing the urgency to resolve the breach.

"The global geopolitical situation and its economic impact may destabilise supply chains creating significant challenges for firms and opportunities for cyber criminals to exploit."

Lucien Mounier
Head of Europe - Cyber Risks

A false sense of security

The intersection of politics and cyber security

The intersection of politics and cyber security

The current geopolitical climate has emboldened nation state actors, who are using cyber attacks as a form of hybrid warfare to influence negotiations and exert political pressure. The Russia-Ukraine conflict exemplifies this, with European businesses, particularly government agencies, defence contractors and other critical industries being particularly vulnerable to attacks from pro-Russian hacker groups seeking to disrupt their operations. This situation poses a growing threat to organisations caught in the crossfire of politically-motivated attacks.

For example, NoName057(16) has been targeting various sectors in Italy, including government websites, financial institutions and the Ministry of Foreign Affairs, following critical remarks made by the Italian President, Sergio Mattarella, about Russia's actions in Ukraine[6]. The group’s Distributed Denial-of-Service (DDoS) campaign aimed to cause disruption and sway Italy's support for Ukraine.
“Russia-backed hackers are targeting European businesses with cyber attacks and sabotage activities trying to influence negotiations and create instability. International firms should examine their supply chains for potential cyber-related disruptions.”

Alex Creswell OBE
Strategic Adviser

Political polarisation is also leading to a rise in hacktivist attacks, where businesses are targeted by hackers promoting political agendas and seeking to infiltrate networks for reconnaissance and to cause disruption and spark media attention. Unlike traditional cyber attacks that focus on data theft and ransom extortion, hacktivists are not driven by financial gain and will linger in systems for an extended period. The Israel-Gaza conflict has been particularly polarising in the US, with activist groups targeting corporations based on perceived political stances or affiliations.

Ransomware evolution

Cyber incidents by primary cause of loss

The value of data

The value of data

Today data security management is paramount. Firms need to understand the value of their data and the volumes of the data they store. As the aggregation costs of mishandling sensitive, personal data – from legal fees to forensics to data restoration costs, credit monitoring as well as the cost of compensating clients in class actions - gets very expensive, fast. Making data classification, minimisation and segmentation vital. Data protection measures can cause operational delays, and firms will need to decide between speed or security.

“Firms can’t be too cautious when it comes to who they can trust to safeguard credential data. If they don’t protect it effectively. It’s like leaving your front door keys scattered around the place, and criminals who find them will open the door and walk right in.”

Marcello Antonucci
Claims Leader - Cyber & Tech Claims
Sectors in the eye of the storm

Small businesses typically lack the financial firepower to invest in robust cyber security measures, and the same can be said of the public sector. Healthcare providers are a top target for cyber criminals, attracted by the opportunity to extort ransom payments after compromising sensitive patient data. In many cases, hospitals rely on outdated, legacy technologies which offer multiple entry points for online criminals.

“Small businesses are especially vulnerable to cyber attacks, as they often lack the internal resources and dedicated expertise that larger companies rely on to manage cyber risk. Without the safety net of cyber insurance, a single attack can result in bankruptcy.”

Patricia Kocsondy
Head of Global Cyber Digital Risks

Cyber incidents by industry

Spotlight snapshots

Politically motivated cyber attacks are likely to increase, driven by geopolitical flashpoints. Businesses operating in certain sectors, such as energy, telecommunications, defence and financial institutions may find themselves increasingly vulnerable to attacks.
Third-party risks are rising, making supply chain and credential management critical. Some vendors now limit liability in contracts, potentially shifting blame after breaches, leaving firms exposed to possible financial and legal fallout.
Managing credential and data security is critical as the aggregated costs of mishandling sensitive data is high. Data classification, minimisation and segmentation are essential, though protection measures can slow operations down, creating a choice between speed versus security.
Firms need to be ready for a cyber attack from all fronts. AI can be used as an effective cyber defence tool to monitor the attack landscape, identify vulnerabilities, boost defences and help secure system weaknesses before hackers exploit them.