The cyber threat landscape has entered a period of unprecedented activity and evolution. Organizations that once viewed cybersecurity as a technical checkbox are now confronting a harsh reality: threat actors have dramatically increased both the frequency and sophistication of their attacks, fundamentally altering how businesses must approach risk management.

“This year, we’ve seen more activity by cybercriminals than in previous years, and their sophistication has increased dramatically,” said Dominic Keller, Global Head of Cyber Services at QBE Insurance. “The environment is extremely active right now. Most days, our team discusses newly identified threats and potential impacts, highlighting just how dynamic the current cyber risk landscape has become.”

This escalation represents more than a quantitative increase in attacks — it signals a qualitative shift in how cybercriminals operate. The traditional image of isolated hackers working from basements has given way to organized, professional operations that rival legitimate businesses in their structure and capabilities.

The Growing Storm: Volume and Intensity of Modern Cyber Attacks

Dominic Keller, Global Head of Cyber Services, QBE Insurance

The scale of current cyber activity has reached levels that would have seemed unimaginable just a few years ago. Jack Tolliday, Threat Intelligence Specialist at QBE Insurance, describes the current environment as “particularly eventful and busy,” with threat actors continuously evolving their capabilities.

“Threat intelligence essentially boils down to understanding threat actor capabilities and intent — what they’re targeting, why, and how they approach different organizations and sectors,” Tolliday said. “One clear trend is that their capabilities are continuously developing.”

This increase in capabilities manifests in several concerning ways. Technology supply chain risks have emerged as one of the most significant shifts, according to Keller, fundamentally changing how organizations must think about their security perimeters. No longer can companies simply secure their own networks; they must now consider the security posture of every vendor, partner, and third-party service provider in their ecosystem.

Jack Tolliday, Threat Intelligence Specialist, QBE Insurance

The sophistication of social engineering tactics has reached remarkable levels. “They operate with incredible sophistication, demonstrating strong English skills and very capable methods of network infiltration,” Keller noted. These aren’t the poorly written phishing emails of the past — modern attacks employ psychological manipulation techniques that can fool even security-conscious employees.

Perhaps most troubling is how threat actors adapt to defensive improvements. “As organizations get better at defending, threat actors change their behavior and adapt their evasion techniques,” Tolliday said. “Techniques like tampering with IT security tools or leveraging compromised user identities in their attacks can make their attacks much harder to detect and stop.”

The rise of artificial intelligence has added another dimension to the threat landscape. While traditional social engineering methods continue to cause significant damage, AI-powered attacks like deepfakes, vishing (voice phishing), and smishing (SMS phishing) are becoming increasingly sophisticated. “The application of AI to video and SMS-based cyberattacks is particularly concerning,” Keller said.

Target-Rich Environment: Understanding Sector Vulnerabilities

While no industry remains immune to cyber threats, certain sectors face disproportionate targeting due to their perceived value or vulnerability. Understanding these patterns helps organizations assess their own risk profiles and prioritize defensive measures accordingly.

“Manufacturing is a very highly targeted sector because of the operational downtime that can be caused through a ransomware attack,” Tolliday explained. “Retail has certainly become increasingly of interest to threat actors.” The technology sector attracts attention from both criminal ransomware groups and nation-state actors, while professional services firms become targets due to the sensitive client data they maintain.

“Professional services is also targeted because of the sensitivity of data that organizations like law firms hold, making the sector perceived as a valuable target,” Tolliday said. Health care and education sectors also receive significant attention from attackers, despite some criminal groups claiming ethical considerations would keep them from targeting healthcare organizations.

Keller emphasized two critical points about targeting patterns. “Firstly, cyber criminals are opportunistic — while those are the most targeted industries, no sector is considered off-limits,” he said.

Geographic targeting patterns also reveal important insights. “The US still remains the key geography targeted by cybercriminals,” Keller noted. “That said, we’re seeing multi-million dollar claims in Europe, and cyber attackers are certainly starting to broaden their regional attack approaches to different areas.”

The motivation behind these attacks remains consistent: extortion. “Ransomware is absolutely the top threat in terms of impact and scale on organizations,” Tolliday said. “Extortion is the primary motivation. Ransomware is the method through which criminals encrypt systems and lock them down.”

The impact of successful attacks extends far beyond individual organizations. “We’ve seen big attacks that have impacted not only individual organizations directly but also the wider supply chain sector,” Tolliday explained. The distinction between data theft and system encryption is crucial — while companies can potentially continue operating after data theft, encrypted systems bring operations to a complete halt.

Building Resilience: Best Practices and Strategic Partnerships

Facing this evolving threat landscape, organizations must adopt comprehensive defense strategies that combine fundamental security practices with advanced threat intelligence and strategic partnerships. The experts identified several critical areas where organizations should focus their efforts.

“Business readiness is essential, as the disruption from a ransomware attack can be significant to an organization,” Keller said. “Understanding the financial, business, and reputational impacts of such attacks is crucial to proper preparation.”

Operational resilience builds upon this foundation, requiring organizations to establish clear procedures for maintaining business continuity during cyber events. This approach mirrors mature business continuity planning but requires specific consideration of cyber-related disruptions.

Training and awareness emerged as perhaps the most critical element. “While technical strength in detection and defense matters, the vast majority of cyber attacks still begin with human error—someone clicking a link or inadvertently opening a gateway for cyber criminals,” Keller explained.

Data governance represents another essential pillar. “Organizations that understand what constitutes their critical data — necessary for business functions or sensitive information held for third parties — are better positioned against threats,” Keller said. “Understanding what that data is, how you’re protecting it, and actively monitoring those data risks is where leading organizations focus their attention.”

From a technical perspective, Tolliday emphasized getting the basics right. “It’s important to enforce technical controls like multifactor authentication, patch your systems properly, use endpoint protection and maintain good backups,” he said. “As an insurer, these are the fundamental things we look for in a potential client.”

The role of threat intelligence in proactive defense cannot be overstated. “Understanding your environment and threat profile is essential,” Tolliday said. “Threat intelligence is about knowing your adversary and translating what is happening in the threat landscape to what you need to be doing internally.”

Organizations must also balance external expertise with internal capability development. “The key thing is to balance the vendors that you bring in versus upskilling your existing security team,” Tolliday explained. “It’s making sure if you can’t handle something in-house, you bring someone in, but you should maintain that balance and upskill your security staff as much as possible.”

QBE’s approach to supporting organizations reflects this comprehensive view of cybersecurity. Recognizing the high risk posed by AI-enhanced social engineering, the company’s global cyber services team has partnered with vendors to deliver specialized training and awareness programs, including tools for conducting vishing and smishing simulations.

“Good detection processes, training and awareness, and cross-business preparation (i.e., tabletop exercises) will take you a long way towards effectively managing cyber risks,” Keller said. “It can seem overwhelming, however some core steps and strategies can greatly reduce risks and enhance business resilience.”

The partnership between insurers and insureds has evolved beyond simple risk transfer to encompass proactive risk management. Insurance providers now offer threat intelligence services, incident response support, and preventive resources that help organizations build resilience before attacks occur.

Looking ahead, the cyber threat landscape will continue evolving, but organizations need not feel overwhelmed. “Much of it distills back to core ideas and foundational steps that organizations can take and act on,” Keller said. The combination of strong fundamentals, continuous awareness, and strategic partnerships provides a robust framework for navigating today’s threat environment.

“Resiliency really boils down to how you react when an event occurs, which is where insurance and the specialists we work with can help if the worst should happen,” Keller concluded. “This represents both the pre-attack and post-attack readiness organizations need to develop — securing your defenses while being prepared to respond effectively when incidents occur.” &