Ransomware attacks are predicted to escalate in the coming years, with the number of publicly named victims expected to rise by 40% by the end of 2026, a new QBE report warns.
This sharp rise is attributed to cybercriminals exploiting vulnerabilities in rapidly adopted cloud and artificial intelligence (AI) technologies.
These tools, while boosting business efficiency, are also enabling attackers to launch more sophisticated and precise ransomware, phishing, and fraud campaigns.
According to the report, the UK experienced 49 significant cyber incidents over the past two years, making up 10% of the global total (447).
It also revealed that government and administrative systems were the most targeted sector globally between August 2023 and August 2025, accounting for 19% of all incidents. IT and telecommunications followed at 18%, while manufacturing, logistics and transport sectors together represented 13%.
A key concern raised in the report is the increasing risk posed by third-party suppliers. A single compromised vendor, such as the Okta breach in 2023 that exposed 134 business clients, can create a ripple effect, putting hundreds of companies at risk and halting business operations.
David Warr, Cyber Portfolio Manager for QBE said: “As British businesses expand their use of cloud infrastructure and AI tools, they are also reshaping their risk landscape. The challenge is not just preparing for the future but catching up with exposures that have evolved at speed.
“The supply chain threat causes concern for companies. While outsourcing certain parts of your business can create efficiencies and cost savings, there are security considerations to bear in mind. Each outsourced provider that connects into your company creates an additional layer of risk – not only in terms of potential malware transmission but also in terms of critical dependencies. Each third-party connection creates new risk, and a single point of failure can halt business operations altogether.”
The report details how generative AI is reshaping the cyber threat landscape. In 2025, 78% of organisations using AI in at least one business function up from 55% in 2024.
While businesses are leveraging Gen AI for productivity, cybercriminals are using the same technology for malicious purposes. The increased usage of this technology also lowers the technical barrier for entry-level cybercriminals, enabling them to automate phishing attacks, create identity fraud schemes, and develop malware with greater speed and precision.
The report notes that deepfakes were implicated in nearly 10% of successful cyberattacks in 2024, with fraud losses ranging from $250,000 to over $20 million.
To combat the rising threat, QBE is urging companies to strengthen protective measures to match the evolving threat landscape.
The report recommends a multi-faceted approach, including:
- Mapping and assessing risk profiles to identify critical assets and vulnerabilities.
- Defining acceptable organisational risk so leadership can explicitly set boundaries for risk and exposure to data.
- Prioritise mitigation strategies to direct resources towards the areas of greatest impact.
- Planning for worst-case scenarios with tested contingency plans and recovery protocols.
- Regularly stress test crisis management to evaluate decision making, communication and response.
- Incorporate third-party expertise into cyber security strategies to help manage residual and emerging risks.
- Continuously monitor and adapt cyber defences to stay ahead of evolving threats, new technology and changing business needs.
- The report emphasised that building resilience requires embedding cyber risk management into technology lifecycles from the outset, including strong identity and access management (IAM) protocols, regular configuration audits, and encrypting sensitive data across all cloud environments.
“Also, continuous monitoring, threat intelligence, and incident response plans help detect and contain threats before they escalate. In addition, businesses should evaluate the security posture of their third-party providers and establish clear protocols for managing supply chain exposure,” QBE added.
Concluding: “These practices will enable UK businesses to make the most of GenAI and cloud storage while protecting their operations, preserving continuity and maintaining trust.”
