Beyond Firewalls: Cyber Security & Risk Strategies

Parent Page Home
Parent Page Actualités et rapports
Parent Page Spotlight on Cyber Threats and Tech Advances 2026
Beyond Firewalls

Beyond firewalls

The expanding reality of cyber risk

Cyber risk has evolved beyond traditional data breaches. Today’s attacks damage operations, drain financial strength, erode reputations, and consume management time. Our data shows a significant underestimation among executives about the impact and duration of cyber events.

Cyber attacks are now full-scale crises

2025 was a year of hard lessons. Cyber incidents escalated into full operational crises, delivering knock-out blows that can take down a business. A single breach now has the power to disrupt entire supply chains, triggering a domino effect that impacts customers, suppliers, and shareholders - and threaten the viability of organisations and individuals alike. The consequences are expensive and complex.

For example, downtime for an international manufacturer ranges from days to years, and the financial toll can be punishing¹. Businesses require a clear understanding of their true exposure and the level of disruption they can realistically financially absorb and what they need to shift to insurance.

Belief is not reality

Many leaders remain overly confident in their resilience:

78% of global executives expect full recovery following a cyber incident.
82% claim strong cyber preparedness.

This confidence is increasingly misaligned with the reality of today’s threat landscape.

AI is accelerating cyber threats

AI is supercharging the attack landscape. Cyber criminals are using AI models to run automated reconnaissance and phishing campaigns, simultaneously scanning thousands of systems for vulnerabilities. With an estimated 82% success rate², attackers now hold a structural advantage.

“AI is enabling threat actors to operationalise their tactics and techniques more rapidly, making zero-day and n-day vulnerability exploitation more common. Time is critical. Organisations need to have continuous visibility, real-time exposure management, and strong incident response plans.” Francisco Donoso, Chief Product and Technology Officer, Beazley Security.

How attackers are getting in

Threat actors follow the money and exploit the easiest entry points.
According to Beazley Security’s Q4 2025³ data:

54% of breaches began with compromised VPN credentials
32% exploited weaknesses in Cloud, SaaS, web applications, or APIs

“Threat actors are targeting SaaS vendors, and third-party suppliers, and the developer ecosystems, using them as a gateway that provides a faster path into a multitude of other potential victims.”

Francisco Donoso
Chief Product and Technology Officer, Beazley Security

The new data danger

Data remains the attacker’s most valuable target. In Q4 2025 alone, stolen information posted online increased by 50%⁴, with adversaries more willing to apply public pressure when ransom talks stall.

This trend is being driven by increasingly sophisticated attack methods:

AI-generated phishing/social engineering scams that convincingly mimic real, human communication
Deepfake-enabled fraud targeting individuals
Ransomware attacks capable of paralysing entire operations

“Effective cyber risk mitigation is rarely exotic: it should start with basic cyber hygiene and system recovery fundamentals. Firms must prepare to manage multiple claims that can cascade from a single incident, such as operational disruption, ransom demands, regulatory investigations and floods of claims from customers, suppliers and shareholders.”

Mark Singer
Claims Focus Group Leader, Cyber, Beazley

A perfect storm: Rising risk meets rising regulation

As malicious activity intensifies, regulators are tightening their scrutiny. Data has become a geopolitical asset; governments are asserting control to prevent exploitation, espionage and criminal misuse.

But regulatory frameworks differ widely by country. A single system may fall under several conflicting data privacy and security regimes, creating:
- Complex reporting obligations
- Heightened legal liabilities
- Increased financial penalties for misalignment

Misaligned data governance can trigger enforcement action, hinder access to insurance, and create long-lasting operational and legal consequences.

Data risk now sits at the intersection of technology, regulation, and geopolitics. Treating it as a core governance issue – not a specialist silo – is essential.

Beyond the network perimeter: Supply chain vulnerabilities

Reliance on shared platforms and third- party services dramatically widens an organisation’s attack surface. Verizon’s 2025 Data Breach Investigations Report⁵ found that 30% of breaches involved a third-party – double the previous year.

Modern exposure management platforms can map supplier risk, detect hidden vulnerabilities in real-time, and provide early warning mechanisms that prevent cascading failures.

“Our approach to exposure management provides an early alarm system that spans client environments, including their integrated suppliers. Always on, this provides up-to-date visibility, along with insights and guidance on the level of risk and what to do about it. This is a leap forward in ecosystem risk management.”

Raf Sanchez
Global Head of Cyber Services, Beazley Security
Why the basics still matter

Even as threats evolve, fundamental cyber hygiene remains essential:

Well-managed privileges

Rapid containment of credential misuse

Consistent deployment of multi-factor authentication (MFA)

However, these measures only hold if suppliers and partners maintain the same standards. Weaknesses anywhere in an organisation’s online ecosystem expose everyone.

Advanced solutions such as Managed Extended Detection & Response (MXDR) and exposure management services offer always-on monitoring, eliminating blind spots and enabling faster, more coordinated responses.

When cyber risk meets physical reality

Digital attacks increasingly have real-world consequences – particularly in sectors such as marine and property.

GPS spoofing, for example, is rising sharply. By broadcasting counterfeit signals, attackers can manipulate a vessel’s perceived location, potentially causing:

Groundings

Collisions

Lost or damaged cargo

Environmental damage

In regions such as the Straits of Hormuz, we are seeing high levels of GPS interference, raising the risk of collisions between ships stuck in the Straits due to the conflict there.
It’s time to brace for unrelenting threats

Cyber risk has outgrown traditional defensive perimeters. Today’s threats – fuelled by AI, geopolitics, regulatory fragmentation, and interconnected supply chains – spread faster, strike harder, and last longer than many business leaders expect.

Resilience now requires a full-system, always-on perspective across:

Data

Infrastructure

Third-party ecosystems

Jurisdictions

The fundamentals still matter, but they are no longer enough on their own.

AI is accelerating cyber threats

The new data danger

Data remains the attacker’s most valuable target. In Q4 2025 alone, stolen information posted online increased by 50%⁴, with adversaries more willing to apply public pressure when ransom talks stall.

This trend is being driven by increasingly sophisticated attack methods:

AI-generated phishing/social engineering scams that convincingly mimic real, human communication
Deepfake-enabled fraud targeting individuals
Ransomware attacks capable of paralysing entire operations

“Effective cyber risk mitigation is rarely exotic: it should start with basic cyber hygiene and system recovery fundamentals. Firms must prepare to manage multiple claims that can cascade from a single incident, such as operational disruption, ransom demands, regulatory investigations and floods of claims from customers, suppliers and shareholders.”

Mark Singer
Claims Focus Group Leader, Cyber, Beazley

A perfect storm: Rising risk meets rising regulation

As malicious activity intensifies, regulators are tightening their scrutiny. Data has become a geopolitical asset; governments are asserting control to prevent exploitation, espionage and criminal misuse.

But regulatory frameworks differ widely by country. A single system may fall under several conflicting data privacy and security regimes, creating:
- Complex reporting obligations
- Heightened legal liabilities
- Increased financial penalties for misalignment

Misaligned data governance can trigger enforcement action, hinder access to insurance, and create long-lasting operational and legal consequences.

Data risk now sits at the intersection of technology, regulation, and geopolitics. Treating it as a core governance issue – not a specialist silo – is essential.

Supply chain vulnerabilities

Beyond the network perimeter: Supply chain vulnerabilities

Reliance on shared platforms and third- party services dramatically widens an organisation’s attack surface. Verizon’s 2025 Data Breach Investigations Report⁵ found that 30% of breaches involved a third-party – double the previous year.

Modern exposure management platforms can map supplier risk, detect hidden vulnerabilities in real-time, and provide early warning mechanisms that prevent cascading failures.

“Our approach to exposure management provides an early alarm system that spans client environments, including their integrated suppliers. Always on, this provides up-to-date visibility, along with insights and guidance on the level of risk and what to do about it. This is a leap forward in ecosystem risk management.”

Raf Sanchez
Global Head of Cyber Services, Beazley Security
Why the basics still matter

Even as threats evolve, fundamental cyber hygiene remains essential:

Well-managed privileges

Rapid containment of credential misuse

Consistent deployment of multi-factor authentication (MFA)

However, these measures only hold if suppliers and partners maintain the same standards. Weaknesses anywhere in an organisation’s online ecosystem expose everyone.

Advanced solutions such as Managed Extended Detection & Response (MXDR) and exposure management services offer always-on monitoring, eliminating blind spots and enabling faster, more coordinated responses.

When cyber risk meets physical reality

Case study: Small businesses, big exposure

Cyber crime is surging as economic uncertainty persists and AI-enabled criminal activity becomes more advanced. Small businesses, sole traders and micro-enterprises – already stretched thin – are now among some of the most targeted groups.

Explore the case study

Spotlight snapshots

Cyber attacks now trigger full operational crises

Not just data breaches – causing long-term disruption, multi-million dollar losses, supply chain breakdowns and elevated regulatory scrutiny.
Executive confidence is overly high

AI-powered attacks are accelerating and exploiting basic weaknesses in networks and ecosystems.
Risk spans data, partners and physical infrastructure

Requiring stronger governance and end-to-end visibility to remain resilient.