Ransomware attacks are forecast to see a sharp rise, with the number of victims publicly named on leak sites projected to grow from 5,010 in 2024 to more than 7,000 by the end of 2026, according to figures from insurer QBE. This would represent a rise of around 40%, and almost a five-fold increase since 2020, when just 1,412 victims were listed.

The data, compiled with risk consultancy Control Risks, reflects how rapid cloud and AI adoption is reshaping cyber risk exposure.

Between August 2023 and August 2025, the government and public administration sector accounted for 19% of all cyber incidents globally, making it the most targeted. IT and telecommunications followed at 18%, while manufacturing, logistics and transport together made up 13%.

In the UK, there were 49 significant cyber incidents over the past two years, around 10% of the global total of 447 – with cloud platforms prime attack vectors. High-severity cloud alerts rose by 235% in 2024 y-o-y, driven by widespread adoption and more sophisticated attacker tactics. Business email compromise attacks exploiting Microsoft 365 and similar services are increasingly bypassing security checks.

Supply chain risks are growing too. A 2023 breach at SSO provider Okta exposed 134 customers and wiped around £1.6bn off its market value, showing how one weak link can affect hundreds of businesses.

Generative AI is further shifting the threat landscape. By early 2025, ChatGPT reportedly had 755m users, a 33% rise in two months, while Microsoft Copilot had 88m active users. Control Risks also claims that 78% of organisations now deploy AI in at least one business function, up from 55% in 2024. While these tools boost productivity, they can also be deployed to automate phishing and deepfake scams, lowering barriers for less experienced attackers, and expanding the threat base.

David Warr, cyber portfolio manager for QBE, commented: “As British businesses expand their use of cloud infrastructure and AI tools, they are also reshaping their risk landscape. The challenge is not just preparing for the future but catching up with exposures that have evolved at speed.”


SUGGESTED READING

Public sector data insecurity, by Martin Allen-Smith
The recent Ministry of Defence data breach highlights persistent vulnerabilities in public sector data security efforts, while unrelenting ransomware and AI-driven attacks reveal structural weaknesses in wider cyber resilience

---