Newsletters
Risk Central
Digital EditionCyber Risk Tops Global Executive Concerns as AI-Powered Attacks Outpace Defenses
Cyber risk has become the leading concern for businesses worldwide, with 31% of executives selecting data breaches, criminal threats and widespread outages as their top risk, up from 29% in 2025, according to Beazley’s 2026/27 Risk & Resilience survey.
Yet the report warns that executive confidence may mask a dangerous gap between perceived readiness and the reality of an accelerating threat landscape. While 82% of surveyed leaders claim preparedness, only 78% expressed confidence in full financial recovery after an attack, and the report characterizes even that figure as a likely overestimation.
AI Supercharges Both Sides of the Cyber Battle
Cyber criminals are now deploying agentic AI to execute large-scale automated reconnaissance and phishing campaigns, achieving an estimated 82% success rate, the report said. Attackers are using AI to run multiple simultaneous campaigns, each scouting thousands of organizations’ systems for vulnerabilities. Beazley Security’s Q4 2025 Threat Report found that 54% of ransomware attackers gained initial access through VPN-compromised credentials, while stolen data posted online surged 50% in the last quarter of 2025.
The same AI capabilities powering attacks are also expanding the attack surface as businesses adopt agentic systems. Gartner predicts one-third of enterprise software will include agentic AI by 2028, with the technology already making 15% of daily autonomous decisions, according to the report. Shadow AI — employees using unapproved AI tools — has grown by up to 250% in some sectors, Beazley noted.
Voice cloning, deepfake imagery and AI-generated phishing are enabling new forms of fraud. With just three seconds of recorded speech, an attacker can clone an executive’s voice with roughly 85% accuracy, the report said. One in four people have encountered an AI voice scam, and 77% of those victims lost money, according to McAfee research cited in the report.
Supply Chain and Regulatory Risks Compound the Problem
Third-party involvement in data breaches roughly doubled year over year, reaching 30% according to Verizon’s 2025 Data Breach Investigation Report, which Beazley cited. The report described a landscape where a single vendor compromise can halt operations, creating a domino effect across customers, suppliers and shareholders.
Regulatory fragmentation is adding cost and complexity. Organizations operating across borders face divergent cyber and data rules — from Europe’s NIS2 and DORA frameworks to the SEC’s disclosure requirements in the U.S. and the UK’s new Cyber Security and Resilience Bill. A single system may fall under several privacy and security laws simultaneously, the report said, and inadequate data governance “could unleash regulatory backlash — from forced disclosures to enforcement, along with hefty financial penalties.”
The average ransomware attack on a mid-size manufacturer results in 11.6 days of downtime, with financial and operational consequences stretching six to 18 months or longer, the report found. An estimated 45% of total losses stem from first-party losses and claims during operational disruption, while 30% arise from long-tail third-party litigation, regulatory fines and reputational damage.
Insurance Gaps Leave Organizations Exposed
Despite rising threats, 35% of executives said they plan to invest in AI to improve resilience, and 33% are increasing cybersecurity spending — up from 24% in 2024, the survey found. Trust in the value of insurance has also increased, with 49% of executives reporting greater confidence in insurers.
However, the report identified several common coverage gaps. Many business interruption policies only pay for physical damage, not digital disruption, and waiting periods can leave firms exposed during the critical first hours of an outage. Property policies typically exclude direct physical damage caused by cyber incidents unless a specific endorsement is added. Directors and officers may face liability claims if cyber insurance levels are deemed inadequate, the report noted.
Smaller firms face disproportionate risk, the report said, relying on credit and thin reserves where even brief downtime can become a liquidity crisis. Despite this, 73% of small and medium-sized enterprises expressed confidence they could fully recover from a cyber attack — confidence the report characterized as a significant overestimation of actual resilience.
Obtain the full report here. &
