While it’s been well publicised that cybercrime has increased in frequency and sophistication in the past five to ten years, what really matters to any organisation is the specific threats they face and what they can do about it.

That’s why Quorum Cyber’s new Global Cyber Risk Outlook: Emerging Threat Intelligence Insights report describes cybercrime trends in detail, explains the ramifications to different sectors, and shares actionable advice for businesses and public sector agencies.

Our Threat Intelligence team continuously tracks financially motivated threat actors, nation-state-backed adversaries, and hacktivists to provide a rich picture of the current global threat landscape. Its findings are based on incidents and investigations observed across more than 350 organisations globally, spanning businesses with between 10 and 10,000 employees.

Emergent groups

Throughout 2025, the Threat Intelligence team tracked 1,100 emerging threat actors across all threat vectors from ransomware, data sellers, and hacktivism, representing a 23% increase in emerging threat actors compared to 2024.

While most new threat actors are individuals selling basic leaked data on dark web forums, a considerable number are significant criminal organisations, such as large Ransomware-as-a-Service (RaaS) groups. Threat actors attributed to data breaches represent 55% of the total number of emergent threat actors in 2025, compared to 49% in 2024. These figures show that threat actors value data more than ever before, which ramps up the risk level to organisations worldwide.

The report reveals several new cybercrime trends discovered in 2025 which our team will continue to track throughout 2026:

• Cybercriminal groups are abandoning encryption in favour of pure data exfiltration for faster, lower-cost cyber-attacks
• Increased competition between organised criminal groups operating ransomware services drove them to innovate more as they try to attract affiliates to their platform
• Social engineering remains the most common initial access vector for high-profile intrusions
• Nation-state-backed threat groups started leveraging Claude’s agentic capabilities to orchestrate attacks, with AI agents performing up to 90% of the intrusion activity.

Threat developments in AI

Artificial intelligence (AI) is, of course, one of the key themes in the report. The Threat Intelligence team found that threat actors are rapidly integrating AI across the entire attack lifecycle, moving from basic productivity use to autonomous, AI-driven operations. Agentic AI systems can now handle the majority of complex intrusions with minimal human oversight, while attackers increasingly target organisations’ own autonomous agents.

AI is also transforming malware development. New malware families embed large language models (LLMs) to generate, adapt, and obfuscate code in real time, making attacks more flexible and harder to detect. This dramatically reduces the cost and effort of producing tailored malware, accelerating a shift toward highly targeted, organisation-specific attacks.

Social engineering has become more convincing through AI-enhanced deception, including realistic impersonation, fabricated video interactions, and recycled victim data. These techniques increase trust and success rates while deepening psychological manipulation.

Meanwhile, cybercrime is becoming more industrialised. AI-powered tools are openly marketed in underground forums, supporting everything from phishing to exploitation and troubleshooting, and lowering the skill barrier for attackers.

Overall, generative AI is reshaping the threat landscape by blurring the line between novice and advanced actors, increasing attack speed and scale, and enabling more precise, high-impact campaigns. As AI becomes both a target and a force multiplier, the cyber ecosystem is becoming more volatile, with increased collaboration, AI-as-a-Service models, and heightened risk to organisations.

Access the full report and sign up for the webinar

The 2026 Global Cyber Risk Outlook contains a wealth of insights on trends in cybercrime, ransomware, cyber-attacks on private sectors, the influence of geopolitics, and much more.

Quorum Cyber’s Senior Threat Intelligence Consultant Jack Alexander and Head of Advisory John Dellinger, alongside Microsoft’s Chief Security Advisor Lesley Kipling, will discuss ransomware trends in a webinar at 11am ET / 4pm GMT on Wednesday 25th February 2026. Registrations for the webinar are now open.