At Quorum Cyber, our mission to help good people win begins with a clear understanding of the threats Healthcare & Pharmaceuticals organisations face.

The Global Cyber Risk Intelligence Outlook 2026 reflects the rigorous analysis and strategic foresight of our Threat Intelligence team, examining how the events of 2025 reshaped global cyber risk and identifying the trends most likely to define the year ahead.

READ THE REPORT

Download the Report

Key Findings

  • The number of newly formed ransomware groups increased by 30% during the 12 months to the end of October 2025
  • New, white-label Ransomware-as-a-Service (RaaS) platforms now enable cybercriminal groups to create their own brands
  • Cybercriminal groups are abandoning encryption in favour of pure data exfiltration for faster, lower-cost cyber-attacks
  • Global vulnerability disclosures rose 21% to exceed 35,000 in the year to the end of October 2025
  • First evidence of a nation-state-backed threat group leveraging Claude’s agentic capabilities to orchestrate attacks, with AI agents performing up to 90% of the intrusion activity
  • Threat actors from Russia, China, and Iran remain the top threats to the public sector as they sustain large cyber espionage campaigns, while nation-state-sponsored bad actors likely earned over $2 billion from cybercrime in 2025.
  • Cyber activity targeting the sector increased by 26%
  • Of the 61 countries impacted, the US, the UK, and India were the most frequently exploited
  • Ransomware targeting grew by 21%
  • Data breaches increased by 19%, showing a shift toward data-theft-driven extortion
  • Hacktivism targeting shot up by 76%

Industry-Specific Threat Intelligence

The Global Cyber Risk Intelligence Outlook 2026 is supported by a series of sector-focused guides. Each guide applies the same underlying threat intelligence and analysis to the specific risk profiles, adversary activity, and operational realities of individual industries. These industry perspectives are designed to complement the core report, providing additional context on how global cyber threats manifest at a sector level.

quorum cyber

Cloud, Identity, and Hybrid Attacks

This evolution has contributed to a rise in hybrid, multi-vector attacks that simultaneously target cloud environments, identity infrastructure, endpoints, and Software-as-a-Service (SaaS) platforms.

Cloud-native services in particular have become a primary battleground, as adversaries exploit misconfigurations, shared-responsibility gaps, and legitimate platform features to maximise disruption.

Threat actors are no longer simply exploiting vulnerabilities – they are strategically engineering campaigns to target the interconnected nature of modern digital ecosystems.

Looking Ahead to 2026

Despite these challenges, we’re optimistic that the tide is turning in favour of defenders. Cross-sector collaboration is strengthening, and more organisations are shifting from reactive defences to proactive resilience strategies – a direction we believe is essential for the future of cyber security.

Meanwhile, defensive AI continues to mature, enabling earlier detection of anomalous behaviour, more efficient investigation, and empowering all analysts to raise their game.

Read the Full Report

Take Action

Every sector faces cyber security challenges. Our range of managed security services and incident response services are designed to defend and protect organisations wherever they are on their security journey.

To explore how intelligence-led security approaches translate into practical defensive outcomes, organisations are encouraged to participate in the Microsoft Threat Protection Workshop.

Learn More

Privacy Preference Center

Privacy Preferences

Skip to content