The 2026 Global Cyber Risk Outlook from Quorum Cyber provides critical insights into the cyber security threats organisations will face in 2026, including the rapid rise of AI-enabled attacks and Ransomware-as-a-Service (RaaS).

The report reveals the first signs of a nation-state group using AI agents to run up to 90% of an intrusion and outlines how cybercriminals are ditching encryption for faster, cheaper data-theft attacks. It also explains why the number of newly formed ransomware groups increased by 30% and why global vulnerability disclosures rose 21%, surpassing 35,000 by October 2025. In a significant new development, it highlights how new white-label RaaS platforms now enable cybercriminals to launch their own branded operations – lowering the barrier to entry for lesser-skilled adversaries.

Quorum Cyber’s Threat Intelligence team include crucial insights into the current cyber threats facing the private, public, and not-for-profit sectors worldwide, anticipates emerging risks for 2026, and provides actionable advice for all organisations to strengthen cyber security posture and cyber resilience, and mitigate cyber risk.

As geopolitical uncertainty continues to grow, cybercriminals are accelerating the use of AI-powered cyber-attacks, and advancing ransomware, making 2026 a decisive and critical year for defenders worldwide.

New information, new research, and cutting-edge analysis 

Pulling on information and analysis from Quorum Cyber’s Threat Intelligence, Incident Response, and Counter Extortion teams, alongside datasets from the cyber security platform, Falcon Feeds, the report provides detailed insights into the cybercrime groups currently most active and how they conduct their attacks against organisations across the global economy. It examines how attack patterns and threat trends are evolving, and how they are likely to develop in the future.

Geopolitics drives cyber-attacks and cybercrime  

Geopolitical instability continues to drive malicious activity. Regional conflicts and ideological tensions are fuelling influence operations, disruption campaigns, and intelligence gathering. Threat actors linked to data breaches now account for 55% of emergent groups in 2025, up from 49% in 2024, highlighting the growing value of data as a target. The rise in new ransomware groups has been accelerated by white-label RaaS offerings such as DragonForce’s RansomBay, which lower the barrier to entry for less technically mature actors.

As 2026 unfolds, the cyber security landscape is more complex and fast-moving than ever. Meeting this challenge requires flexible, intelligence-led security models that can identify and disrupt threats early in their lifecycle.

“Over the past year, we have witnessed a marked acceleration in the capability and ambition of threat actors. The proliferation of AI-enabled tooling, combined with an increasingly professionalised cybercriminal economy, has lowered barriers to entry and expanded the reach of even modestly skilled actors,” says Federico Charosky, Quorum Cyber’s Chief Executive Officer. “This report distils the most significant developments observed across our intelligence, incident response, and counter extortion work, offering practical guidance to help organisations anticipate and mitigate emerging risks.”

Key findings

The 2026 Global Cyber Risk Outlook: Emerging Threat Intelligence Insights report’s key findings of trends shaping 2026 are:

• First signs of a nation-state group using AI agents to run up to 90% of an intrusion
• Cybercriminals are ditching encryption for faster, cheaper data-theft attacks
• The number of newly formed ransomware groups increased by 30%
• New white-label RaaS platforms enable cybercriminals to brand their operations
• Global vulnerability disclosures rose 21%, surpassing 35,000 by October 2025
• Average ransom demands surged across most sectors, including by 179% in financial services and 97% in manufacturing.

Download the report and register for the webinar

You’re welcome to download the 2026 Global Cyber Risk Outlook for free.

Join our webinar at 11am ET / 4pm GMT on Wednesday 25th February 2026 when Quorum Cyber’s Senior Threat Intelligence Consultant Jack Alexander and Head of Advisory John Dellinger, together with Microsoft’s Chief Security Advisor Lesley Kipling, will share deep analysis and sector-specific implications from the report, and give practical guidance for organisations in every sector. Registrations for the webinar are now open.