Key Findings
- The number of newly formed ransomware groups increased by 30% during the 12 months to the end of October 2025
- New, white-label Ransomware-as-a-Service (RaaS) platforms now enable cybercriminal groups to create their own brands
- Cybercriminal groups are abandoning encryption in favour of pure data exfiltration for faster, lower-cost cyber-attacks
- Global vulnerability disclosures rose 21% to exceed 35,000 in the year to the end of October 2025
- First evidence of a nation-state-backed threat group leveraging Claude’s agentic capabilities to orchestrate attacks, with AI agents performing up to 90% of the intrusion activity
- Threat actors from Russia, China, and Iran remain the top threats to the public sector as they sustain large cyber espionage campaigns, while nation-state-sponsored bad actors likely earned over $2 billion from cybercrime in 2025
- Average ransom demands rose by 179% in financial services and 97% in manufacturing
- Data breaches in the education sector jumped by 73% with sustained pressure from ransomware groups, access brokers and extortion actors forecast for 2026
- Ransomware targeting rose by 43% and data breaches increased by 20% in the professional services and legal sectors
- Cyber activity targeting the healthcare and pharmaceuticals sector increased by 26%
- Threat actors from Russia, China, and Iran continue to pose severe threats to the public sector globally, while threat actors from North Korea, organised crime gangs, and hacktivist groups remain significant threats to multiple industry sectors worldwide as they continue to evolve their tactics
- Governments in the UK, the US, Canada, and Australia updated key cyber security bills and acts to strengthen national cyber resilience frameworks
Industry-Specific Threat Intelligence
The Global Cyber Risk Intelligence Outlook 2026 is supported by a series of sector-focused guides. Each guide applies the same underlying threat intelligence and analysis to the specific risk profiles, adversary activity, and operational realities of individual industries. These industry perspectives are designed to complement the core report, providing additional context on how global cyber threats manifest at a sector level.

Financial Services
High-value data, transactional disruption, and persistent interest from both financially motivated and state-linked actors.

Healthcare
Operational disruption and data compromise risks driven by ransomware activity and access broker operations.

Manufacturing
Exposure driven by operational technology environments, third-party access, and supply chain dependencies.

Energy & Utilities
Critical infrastructure exposure is influenced by geopolitical tension and nation-state interest.

Public Sector
Targeted activity shaped by geopolitical events, public service disruption, and data access.

Higher Education
Open networks and valuable research data attract persistent threats from criminal and nation-state actors.

Housing & Construction
Sensitive tenant data and critical services make housing providers high-value targets for persistent cyber threats.

Retail & Hospitality
Digital sales channels and customer data expose retail and hospitality to ransomware, fraud, and disruption.

Professional Services
Sensitive client data and advisory services expose professional and legal firms to ransomware and data theft.

Cloud, Identity, and Hybrid Attacks
This evolution has contributed to a rise in hybrid, multi-vector attacks that simultaneously target cloud environments, identity infrastructure, endpoints, and Software-as-a-Service (SaaS) platforms.
Cloud-native services in particular have become a primary battleground, as adversaries exploit misconfigurations, shared-responsibility gaps, and legitimate platform features to maximise disruption.
Threat actors are no longer simply exploiting vulnerabilities – they are strategically engineering campaigns to target the interconnected nature of modern digital ecosystems.

Looking Ahead to 2026
Despite these challenges, we’re optimistic that the tide is turning in favour of defenders. Cross-sector collaboration is strengthening, and more organisations are shifting from reactive defences to proactive resilience strategies – a direction we believe is essential for the future of cyber security.
Meanwhile, defensive AI continues to mature, enabling earlier detection of anomalous behaviour, more efficient investigation, and empowering all analysts to raise their game.


Take Action
Every sector faces cyber security challenges. Our range of managed security services and incident response services is designed to defend and protect organisations wherever they are on their security journey.
To explore how intelligence-led security approaches translate into practical defensive outcomes, organisations are encouraged to participate in the Microsoft Threat Protection Workshop.




